Press release

Employees are the top risk for cyber criminality—survey among German digital security decision-makers

November 29, 2019
  • 63 percent see their own employees as a weak point in their security strategy
  • 34 percent do not explain the current risks in sufficient detail to their workforces
  • In almost one in three companies employees play no role at all in cybersecurity strategy

Almost two thirds of cybersecurity decision-makers in Germany consider their own employees as the weak point in their security strategy. And here they are admitting their own shortfalls, as one third of the workforce are not kept sufficiently updated on current cyber risks. 42 percent do not even make their workforce continuously aware of the digital risks when away on business trips. 31 percent even say that up to now employees have played absolutely no role in their company’s security strategy. These figures come from the Command Control Cybersecurity Index 2020* for which 300 German security decision-makers were surveyed on behalf of Command Control (March 3–4, 2020 in Munich).


The patchy involvement of employees in corporate digital security is a dangerous contradiction to the current risk situation, where 76 percent of security decision-makers see espionage and data loss through Trojans as a big risk. The Federal German Security Authority (BSI) confirms this estimate and recently issued another convincing warning about Emotet malware which infiltrates into corporate networks using fake emails in the names of colleagues, business partners or acquaintances.** “When launching their encryption Trojans, attackers are now increasingly relying on social interaction—in other words the involvement of company employees,” comments Katharina Keupp, Project Manager of Command Control at Messe München. “This trend requires a completely new cyber resilience from companies and they must engage in continuous prevention work and create the appropriate awareness of cyber risks in the workforce.”

Corporate structures as an obstruction

In many companies outdated structures make it difficult in increase employee involvement. 59 percent of decision-makers say that the silo structures of their company—in other words the poorly coordinated, sometimes almost non-existent collaboration between departments—act as a brake on cybersecurity. However, most of the companies do intend to make some changes here and 84 percent of those surveyed say they would like to promote a culture of cyber resilience in their company through the collaboration of all employees. But 86 percent of decision-makers state that their workforce has a responsibility, too, and are requiring their employees to break out of departmental thinking and work closely together when it comes to cybersecurity.

Command Control—the European cybersecurity summit

How these new cybersecurity requirements are being implemented in practice will be discussed on March 3–4 with 1,500 cybersecurity decision-makers such as CISOs, CIOs, managing directors, risk managers and data protection officers at the second Command Control in Munich. The focus of the Summit is the interactive conference program with 50 international top speakers. Keynote speakers will include Cambridge Analytica whistleblower Brittany Kaiser, the Head of Information Security at Netflix Jimmy Sanders, the CIO of Maersk, the world's biggest shipping company, Adam Banks, the CEO and Co-founder of IOTA Dominik Schiener, Dr. Anna Zeiter, Chief Privacy Officer at eBay Inc. and Dr. Suzanna Randall, likely to be Germany’s first woman in space. Philipp Amann from Europol and Heiko Löhr from the German Federal Criminal Office in Wiesbaden will also present the latest findings from the security authorities.

* Command Control Cyber Security Index 2020

A total of 300 specialists and managers in Germany who have sole or joint decision-making authority for digital security were surveyed in summer 2019 by a market research institute for the Command Control Cybersecurity Index. 200 participants work for medium-sized companies with between 100-999 employees. A further 100 participants work for large corporations with 1,000 employees or more. 132 participants are involved with critical infrastructures. The main sectors covered by the survey were the manufacturing, finance and energy sectors.

** www.bsi.bund.de

Press contact
Bernhard Krause
Bernhard Krause
PR Manager
Messegelände, 81823 München
+49 89 949-9721484