Managers: poorer cybersecurity awareness

Executives: Awareness of cybersecurity is growing

Share post

Over half of German companies have already fallen victim to a cyber attack. According to a survey, senior managers are often more vulnerable to phishing attacks than their employees. The average click rate for managers is 60 percent higher than for other user groups.

Although cybersecurity awareness is increasing among managers, they are still more susceptible to false clicks on phishing emails. According to research from SoSafe, Europe's leading security awareness and training platform, 55 percent of German security leaders say their top management's focus on IT security has increased compared to last year. Cyber ​​risks are becoming more and more present: in the last three years alone, every second German company (58 percent) has fallen victim to a cyber attack.

Sensitized managers ensure sufficient security budgets

According to SoSafe's survey, cyber risk awareness among senior management also determines whether necessary resources for IT security are available in a company. That is, whether the company has enough staff and budget to combat potential cyber threats: Organizations whose leadership is aware of cyber risks are 33 percent more likely to have sufficient resources allocated to security concerns than those where Security awareness among management is low. Of organizations with inadequate security budgets, only 21 percent prioritize their security culture.

“It's good to see that senior management awareness of current cyber threats is moving to where we need it to be: senior leaders are becoming more aware of the importance of cybersecurity and how to role model within the company. “This means cybersecurity is finally becoming a board issue,” said Dr. Niklas Hellemann, psychologist and CEO of SoSafe. “This is the only way a company’s employees will internalize the values ​​and safe behavior surrounding the topic of cybersecurity.”

Executives are more likely to click on malicious links

Raising awareness among top management is necessary to make cybersecurity an essential part of the corporate culture. This also becomes important in terms of the actual risk: SoSafe data shows that management is more susceptible to clicking on phishing links than their employees. The average click rate for managers is 60 percent higher than for other user groups. However, the data also shows that managers are also more likely to report suspicious emails (20 percent) than employees (8 percent).

“Executives are an attractive target for cybercriminals because they have the highest clearance levels and decision-making power. Among other things, there is a risk that hacker groups will use the stolen information to impersonate executives, for example in the form of so-called CEO fraud or other AI-based attacks. This makes it all the more important for management to set a good example and be a role model for the rest of the team – and thereby protect themselves.”


The Human Risk Review includes data from a survey conducted in collaboration with Censuswide, an international market research firm. More than 1.000 security managers from six European countries (Germany, Great Britain, Austria, Switzerland, the Netherlands and France) were interviewed in February 2023.

In addition, exclusive data from the SoSafe Awareness platform was evaluated anonymously: More than 8,4 million simulated phishing attacks from 3.000 customer organizations from 2022 were analyzed. Data from the annual phish test carried out by SoSafe and Botfrei was also used. In 2022, over 9.000 simulated phishing emails were sent to registered users, which were classified as moderately serious in the simulation and had to be recognized by the user.

Go directly to the report on


About SoSafe
SoSafe helps organizations build their security culture and mitigate risk with its GDPR-compliant awareness platform. 2018 by Dr. Founded by Niklas Hellemann, Lukas Schaefer and Felix Schürholz, SoSafe now has more than 4.000 customers worldwide and is one of the leading providers of security awareness and training in Europe. With behavioral psychology elements and smart algorithms, SoSafe enables personalized learning experiences and attack simulations that motivate and train employees to actively protect themselves from online threats.


Matching articles on the topic

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

DSPM product suite for Zero Trust Data Security

Data Security Posture Management – ​​DSPM for short – is crucial for companies to ensure cyber resilience against the multitude ➡ Read more

Data encryption: More security on cloud platforms

Online platforms are often the target of cyberattacks, such as Trello recently. 5 tips ensure more effective data encryption in the cloud ➡ Read more