IT security: major deficits in small and medium-sized companies

The “Praxisreport Mittelstand 2021/22” of the Verein Deutschlandsicher im Netz e.V. (DsiN) describes the IT security situation in small and medium-sized companies in Germany. Even standard protective measures reveal major deficits. </strong >

Under the patronage of the Federal Ministry of Economics and Climate Protection, the Deutschland Sicherheit im Netz e.V. association has been reporting on the digital security situation of medium-sized companies in Germany for the seventh time. The “Praxisreport Mittelstand 2021/22” analyzes damage caused by cyber attacks. In this context, the DsiN also provides information about IT risks caused by Corona and constant digitization as well as the corresponding protective measures required. The current report is based on a representative survey of 1,339 completed surveys of the DsiN security check in the period from May 2020 to January 2022.

Large IT security deficits in medium-sized companies

According to the DsiN, 43 percent of medium-sized companies are careless in dealing with software and security updates. 64 percent of the companies surveyed in Germany have no measures to detect attacks. According to the practice report, a quarter do not promote the IT security knowledge of their employees, and more than a third (34 percent) do without IT emergency plans. 32 percent of the companies surveyed rate inadequate IT security as a fundamental risk. 21 percent see their own competitiveness endangered, 11 percent even their entire existence.

Although the awareness of their own digital vulnerability during the pandemic has stabilized at a high level among 86 percent of medium-sized companies, the results of the current analysis are very similar to the figures from the previous year’s report.


Many companies on their own

IT-Security: Although the proportion of medium-sized companies that rely on external experts for IT security has risen from 20 to 27 percent, the employees in smaller companies in particular are often left to their own devices. These stagnating protective measures are offset by the increased use of digital technologies due to the corona pandemic. An example: The use of clouds has increased from 47 to 53 percent compared to the previous study, with around 43 percent of the companies using the cloud relying solely on the protective measures that the respective provider may have in place.


Fewer but more severe cyberattacks

According to the 2021/22 report by the Deutschland Sicherheit im Netz e.V. association, 42 percent of small and medium-sized companies reported having been the victim of a cyber attack at least once. This corresponds to a decrease of at least 4 percent compared to the previous report. The severity of the attacks has increased: According to DsiN, 76 percent of the affected companies complained about “noticeable effects”, 4 percent even classified the attacks as a threat to their existence. In the previous reporting period, 74 percent, i.e. 2 percent less, had reported damage from cyber attacks. These results correspond to the assessment of the BKA, according to whose “Federal Situation Report Cybercrime 2021” the threat potential from ransomware has increased significantly in 2021 compared to the previous year (read more here).

Source: Deutschlandsicher im Netz e.V.