eco IT Security Study 2020: Companies Getting Prepared for Emergencies

  • Companies are improving their cyber-resilience through contingency plans (+6 percent) and regular employee training (+11 percent)
  • More serious security incidents in companies than in the previous year

More than 90 percent of IT experts in Germany estimate that the general threat to Internet security is growing. 42 percent describe the development as growing strongly. Only one in ten (9 percent) speaks of a constant threat. These are the findings of the eco IT Security Survey 2020. eco – Association of the Internet Industry has been publishing this study annually since 2010, and surveyed 294 experts from the IT industry for this purpose this year.

The experts assess the threat situation in their own company much more positively than in Germany as a whole. Two thirds (66 percent) of the experts surveyed said that German industry was inadequately positioned in terms of IT security technology. Respondents are more optimistic about their own company, with only 15 percent thinking that it is insufficiently protected against cybercrime. 32 percent feel that they are sufficiently safeguarded, 37 percent that they are well protected, and 16 percent that they are very well protected.

Threat situation still underestimated

“The discrepancy in the assessment of our own security situation and the security situation in Germany in general shows how difficult even experts find it to assess the threat correctly,” says Oliver Dehning, Leader of the Competence Group Security in eco – Association of the Internet Industry. “A great many small and medium-sized enterprises, in particular, are the in the focus of internationally active cybercrime networks and are not aware of this.”

Other figures in the study also suggest an error of judgement in many companies: In 28 percent of the companies, there has been at least one serious security incident in recent years. This is a growth of 2 percent in the number of companies compared to a year ago. Most of these were attacks using ransomware, website hacking or DDoS.

Staff training for more cyber security

Nevertheless, companies are improving their precautions against such serious security incidents. Around 63 percent have defined an emergency plan to be able to react appropriately in the event of a cybercrime incident. A year ago, only 57 percent of the companies surveyed had defined a corresponding plan or internal processes. As a second preventative measure, companies are also increasingly focusing on employee training. While 41 percent of those surveyed last year stated that they regularly trained employees on cybercrime and sensitised them to it, the 2020 study found that 52 percent, or an increase of 11 percent, were doing so.

eco members can download the study free of charge in the  members+ area.

eco IT Security Study 2020: Companies Getting Prepared for Emergencies