eco Association at the Munich Security Conference: Digital resilience requires European solutions
- Current IT decision-maker survey by Civey shows: only about one-third of respondents consider the level of cybersecurity to be low to very low
- eco Board Member Professor Pohlmann: “Companies need reliable framework conditions, investment security and the strengthening of digital infrastructures.”
- More than half of respondents prefer European measures over national solo efforts
Berlin, 12 February 2026 – Cyber attacks are considered the greatest security policy risk by the German population. This is shown by the current Munich Security Index 2026, which was published ahead of the Munich Security Conference. However, a survey of IT decision-makers in Germany commissioned by eco – Association of the Internet Industry and conducted by the polling institute Civey paints a more nuanced picture: despite the ongoing threat situation, around two-thirds of respondents do not rate the level of cybersecurity in Germany as poor. According to the survey, more than half of respondents (55%) consider the level of cybersecurity to be average, and around 9 per cent even rate it as high to very high.
“In companies, we are not seeing alarmism, but rather a factual examination of real threats,” says Professor Norbert Pohlmann, Board Member of eco – Association of the Internet Industry. “For IT managers, cybersecurity is not an abstract fear scenario, but daily practice.”
The results of the eco Industry Pulse suggest that many companies are continuously expanding their security architectures and realistically assessing their own resilience. “Cybersecurity is an ongoing process,” says Pohlmann. “The fact that IT decision-makers are assessing the situation in a differentiated manner shows that investments in security are having an effect, even as the threat landscape remains objectively tense.”
As the biggest challenges in the field of cybersecurity, IT decision-makers in Germany primarily identify a weak security culture (22%), followed by outdated IT systems (14%) and slow legislation (11%). For eco, this results in a clear call to action for politicians: “First and foremost, companies need reliable framework conditions, investment security and consistent strengthening of digital infrastructures.”
“What matters is whether measures actually enable digital resilience. A stable security architecture is measured by whether it holds up in an emergency,” says Pohlmann. “To achieve this, we need sufficient skilled professionals, targeted investment incentives and practical regulations that also take SMEs into account. In addition, a clear framework of trust is needed for cooperation between the state and the economy. Only when it has been regulated how information is exchanged, how responsibilities are distributed and how companies are specifically supported can resilience become effective in everyday practice.”
European solutions should fundamentally be preferred in this regard. “National solo efforts incur costs and thereby jeopardise Europe’s position as a hub for innovation in the medium term. A European-coordinated cybersecurity policy also creates more planning security for business and administration and strengthens Europe’s ability to build digital resilience independently, instead of relying on national solutions that facilitate cyber attacks,” says Pohlmann.
Most companies share this view: For the majority of respondents (47%), political measures to increase cybersecurity should be clearly regulated at the European level, while only 33 per cent prefer national solutions.
The eco Industry Pulse is a quarterly survey of 500 IT decision-makers on current topics in the Internet industry and digital policy.
See all the German results here
