Study by G DATA reveals a gap between perceived security and real attack scenarios
While many employees in Germany consider themselves well prepared against social engineering, they lack the necessary confidence to act in real situations. This is revealed by the current study “Cybersecurity in Figures” by G DATA CyberDefense, Statista, and brand eins. Two-thirds of respondents state that they are well or very well prepared for social engineering attacks. However, only 17 percent are confident in their ability to recognize malicious emails.
The majority of employees in Germany feel uncertain when it comes to identifying fraudulent or dangerous emails. According to the study “Cybersecurity in Figures” conducted by G DATA CyberDefense in cooperation with Statista and brand eins, around 83 percent say they are unable to clearly identify such emails. Only about one in five respondents (17 percent) believes they can reliably detect phishing emails—a critical figure given the central role of email as an attack vector. At the same time, around 65 percent feel well or very well prepared for social engineering attacks. This contradiction has serious implications for IT security in companies.
“The study clearly shows how large the gap is between perceived security and actual ability to act—and this is exactly where cyberattacks begin,” says Andreas Lüning, co-founder and board member of G DATA CyberDefense AG.
“Decades of experience show that only those who realistically assess risks and regularly train in practical scenarios can respond correctly at the decisive moment. Companies should therefore invest specifically in clear and practical training formats to effectively strengthen their employees.”
When confidence becomes a security risk
In addition to uncertainty in identifying specific attacks, the study also highlights a relevant risk group: one in ten respondents feels poorly or very poorly prepared for social engineering. In this type of attack, cybercriminals deliberately exploit psychological factors such as curiosity, pressure, or greed to persuade victims, for example, to disclose online banking credentials. The combination of uncertainty and misjudgment makes employees a central target for cybercriminals. The findings underline the high relevance of security awareness training as a key pillar of an IT security strategy. What is needed are practical training approaches that reflect real attack scenarios and specifically strengthen detection skills. Every employee needs the concrete ability to act. Only when employees can recognize attack attempts in their daily work can companies be effectively protected.
“Cybersecurity in Figures” available for download
“Cybersecurity in Figures” has now been published for the fifth time and is characterized by a high level of information density and methodological depth: more than 5,000 employees in Germany were surveyed in a representative online study on cybersecurity in both professional and private contexts. Statista’s experts closely supported the survey and, thanks to a sample size well above the industry standard, provide reliable and valid market research results in the publication “Cybersecurity in Figures.” In addition, the researchers compiled figures, data, and facts from more than 300 statistics into a comprehensive IT security reference work.
The study “Cybersecurity in Figures” is available for download here. (Available in German only.)