German Companies Hardly Prepared For Cyber Attacks

The requirements for cybersecurity have changed significantly as a result of the COVID 19 pandemic. Instead of a fixed work location with a static corporate network, hybrid work and virtual collaboration now involve the use of multiple devices at various locations. As a result, companies must not only transform their security structures, but also protect themselves against new and ever-evolving threats.

The Cisco Cybersecurity Readiness Index 2023 has determined the extent to which companies are up to these new challenges. Based on 6,700 expert surveys, companies were categorized into four maturity levels: Beginner, Formative, Progressive, and Mature.

Germany in international comparison

The highest maturity level (Mature), which provides the best possible protection against modern security risks, is achieved by only 15 percent of companies worldwide. In Germany, this figure is only 11 percent. This puts German companies in the midfield of the 27 countries surveyed. In Europe, they occupy second place behind the United Kingdom.

German companies do best in endpoint security, ranking tenth worldwide (Mature & Progressive). Network protection is best developed in Germany (11th place), which is partly due to a comparatively frequent use of firewalls with an integrated intrusion prevention system (IPS) (DE: 78% vs. Global: 69%)

The protection of applications (13th place) and identities (15th place) is already declining, and when it comes to data security, Germany clearly lags behind (20th place). The main reason is the lower use of backup & recovery tools. Only 55 percent of German companies reported using these tools, compared with an average of 67 percent worldwide. Host IPS & Protection tools are also used significantly less in Germany (29 percent vs 41 percent worldwide). This is also evident in a European comparison: out of eight countries surveyed, Germany is only sixth in terms of data security, and second or third in all other categories.

Major damage from attacks

Most German companies have already fallen victim to cybercrime. Fifty-five percent of respondents report an incident in the last 12 months, one in two of which (49%) caused damage of at least $300,000. This compares to 60 percent globally who noticed an incident that caused 54 percent at least $300,000 in damage. In Germany, 77 percent (82% globally) expect their business operations to be disrupted by cybercrime in the next 12 to 24 months. To prevent this, 81 percent of German companies (globally: 86%) plan to increase their cybersecurity budget by at least 10 percent in the next 12 months.

In a global comparison, it is surprising at first glance that companies in industrialized nations have an overall lower cybersecurity maturity level than companies from developing or emerging countries. Indonesia, Thailand, Brazil, India and the Philippines, for example, make up the top 5. However, it is difficult to compare the individual countries with each other, as there are different prerequisites.

The Cisco Security Readiness Index explains the industrialized countries’ lagging behind with the many legacy systems in use, which often do not support state-of-the-art IT security at all – for example, in old production environments. In contrast, emerging countries were often able to start digitization projects with completely new security solutions and no legacy systems. Japan and South Korea bring up the rear. In Europe, France and the Netherlands performed particularly poorly.