Budgets for Cyber Security On the Rise

German companies are increasingly looking to invest in their cyber security capabilities in 2024. This is a key finding from the latest edition of the annual global “Digital Trust Insights” study. PwC surveyed 3,876 organizations worldwide on various aspects of cybersecurity for the new edition of the study. 84 percent of the companies surveyed from Germany plan to increase their budget for the area by at least 5 percent. Only 4 percent plan to cut their budget – compared to 24 percent last year.

Generative AI is taking on an important role in the course of investments: In Germany, three-quarters of respondents plan to use GenAI tools for cyber defense in the next 12 months. “The war in Ukraine and its aftermath, combined with rapid digitization and new EU regulations, are changing the way companies think about cyber resilience. Vigilance has grown – and so has investment,” says Grant Waterfall of PwC Germany.

Increasing regulation puts more pressure on executive

In addition to increased geopolitical risks, the dynamic regulatory landscape also plays an important role in the rise of cyber security budgets. For example, the NIS-2 directive stipulates that executives can be held personally liable for effectively overseeing cyber security risks. 84 percent of German companies expect increased compliance costs as a result.

In the financial sector, the Digital Operational Resilience Act (DORA) regulation also requires executives to pay more attention to digital risks. “Many companies now understand that they need to act in light of the upcoming regulations – not only to protect their operations or reputation, but also because of the high financial consequences of breaches,” says Grant Waterfall.

Financial damage from cyber incidents on the rise

In many places, the growing awareness of IT security in one’s own company is being preceded by security incidents with sensitive financial damage. In the last three years, 70 percent of the companies surveyed in Germany have already incurred costs of between 100,000 and 20 million US dollars. In particular, losses in the range between 100,000 and 1 million US dollars have increased significantly: While only around a quarter of companies reported costs in this range last year, 41 percent of respondents have already done so this year. Only 8 percent of German companies have not been affected by data loss in the last three years.

Cloud infrastructures remain critical attack vector

Cyber risks related to cloud infrastructures remain the biggest concern for companies in Germany, at 52 percent. In addition, 29 percent of respondents in Germany also rate the compromise of their software supply chains as a serious risk. Another 24 percent fear attacks via zero-day vulnerabilities. In line with the risk perception, a third of companies in Germany are planning to invest more in their cloud security. Investment in application security and OT security is also an important issue for many German companies.

The global comparison shows that German companies, with a share of 62 percent, prefer to invest in the modernization of technologies and infrastructures for IT security. In contrast, the willingness to allocate funds for ongoing security training is significantly lower in this country than the global average – 29 vs. 40 percent. In Germany, the focus is also often on fixing problems that have arisen from cyberattacks.