As part of the Cybersecurity Summit Command Control 2020, in summer 2019 over 300 decision-makers from medium-sized companies through to large corporations were surveyed on different areas of focus. The study covered both technical operational and strategic aspects of cybersecurity implementation. Decision-makers from companies with critical infrastructures, companies with 100-999 employees and companies with more than 1,000 employees were surveyed. They were all asked the same questions. The results are displayed graphically in a white paper.
According to the Cybersecurity Index, 83 percent of companies want to invest in cybersecurity and digital security in the next few years. For about 60 percent the need to invest is urgent. In these situations companies are not only considering expanding or modernizing of their technical infrastructure (79 percent), but also their workforce. For example, 86 percent of companies are of the view that they require more specialists to meet the security challenges of the future.
78 percent of decision-makers for digital security in Germany consider a change in cybersecurity strategy to be essential. This equates to an increase of eight percentage points over the previous year. The view of 80 percent of decision-makers is that traditional IT security is no longer in a position to protect companies.
Nearly 30 percent of decision-makers stated in the survey that cybersecurity and also digital security is urgently required for their company so that they can network digitally with partners in the future. Furthermore, amongst most managers cybersecurity is also a decisive criterion in the selection of partners and suppliers.
Almost two thirds of cybersecurity decision-makers in Germany consider their own employees as the weak point in their security strategy. And here they are admitting their own shortfalls, as one third of the workforce are not kept sufficiently updated on current cyber risks. 42 percent do not even make their workforce continuously aware of the digital risks when away on business trips. 31 percent even say that up to now employees have played absolutely no role in their company’s security strategy.
Three quarters of German cybersecurity decision-makers want political institutions to increase regulation for digital security than has been the case up to now. Consistent with this claim according to the Cybersecurity Index, 71 percent of decision-makers are of the opinion that statutory framework conditions such as the EU General Data Protection Regulation (GDPR) make it easier for their company to guarantee cybersecurity.
The Cybersecurity Index makes it clear that cybersecurity is of equal relevance to both managers of small companies and heads of large corporations. However, the prevailing opinion is that the operational implementation must still be improved in many areas. Most people surveyed also specifically see a need to bring their training level up-to-date and increase the awareness of their employees. The Cybersecurity Index also corroborates that many digital decision-makers would like to see a greater sense of responsibility from politicians.
The Cybersecurity Index including all its points is copyright protected. Any use which is not expressly permitted by the Copyright Act requires the prior written consent of Messe München. This applies in particular to duplications, editing, translations to storage and processing in electronic form. Disclosure to third parties is not permitted. The market research survey was carried out by “econNEWSnetwork” with the assistance of an online panel.