eco IT Security Survey 2023: Many companies still underestimate the threat situation

  • 93 per cent of participants state that the Internet security threat situation is growing or growing strongly
  • 71 per cent of companies train and sensitise employees on cybersecurity and have contingency plans in place for cybercrime incidents
  • eco emphasises: Cybersecurity is a matter for the management and should be taken into account in all corporate areas

The current cybersecurity situation in Germany remains tense, according to the prevailing opinion of IT experts. 93 per cent rate the general threat situation as high or very high, while only about 7 per cent of those participating in the current IT Security Survey by eco – Association of the Internet Industry assume that the threat situation will remain unchanged. At the same time, however, many companies see themselves as well protected. 53 per cent of respondents rate their company’s security as good or very good, while 28 per cent report on an adequate security level. Only one in five (19 per cent) feel that cybersecurity in their own company is insufficient.

This perception of internal company security contrasts with how the experts surveyed the IT security rate in the German industry as a whole: Around 78 per cent say that the German industry is inadequately protected – two years ago, the figure was 67 per cent. Oliver Dehning, Head of the Security Competence Group, sees this as a potential danger: “The IT landscape is becoming increasingly complex, which also increases the attack surface of companies and institutions. Simultaneously, the threat posed by increasingly professionally organised forms of cybercrime is growing steadily. Many SMEs are too optimistic about their cyber resilience. Against the backdrop of global crises, these companies need to actively implement security measures, especially now.”

Businesses respond to cybercrime threat

In fact, 13 per cent of the companies surveyed had one or more IT security incidents in the past year. For 7 per cent there was one serious case and for 6 per cent even several. This is less than a year earlier; in 2021, just under 17 per cent of respondents had one or more serious security incidents. The most common attacks included the areas of ransomware, distributed denial of service (DDoS) and website hacking.

Many companies are mitigating this risk with measures such as raising employee awareness or cloud security. “A lot of companies are reacting appropriately and adapting their IT strategy to the tense security situation,” says Dehning. 71 per cent of companies have an emergency plan for IT attacks and regularly train or sensitise employees on the topic of IT security. Only 3 per cent do not train their employees and 10 per cent have no emergency plan and none in preparation.

Cybersecurity should be a matter for the management

The study shows that the perceived threat situation in the IT sector is becoming more acute and is being further exacerbated by crises such as the Corona pandemic or the Russian war of aggression on Ukraine. In addition to the forms of organised cybercrime known in IT, there are now also state actors who specifically use cyberspaces to attack companies and public infrastructures. Oliver Dehning explains: “Many SMEs in particular are the focus of internationally operating cybercrime networks and are not aware of this.” Therefore, eco emphasises that cybersecurity should be a matter for the management and must be implemented accordingly in all areas of the company’s work.

In order to support member companies, the eco Security Competence Group regularly provides information on cybersecurity and organises thematic events such as the Internet Security Days (ISD).

Download the IT Security Survey 2023

Download the logo for the IT Security Survey 2023


eco IT Security Survey 2023: Many companies still underestimate the threat situation