According to management, the main reasons for expanding cybersecurity in companies in Germany, Austria and Switzerland are the increasing awareness of economic consequences. An average of 10 percent of companies in the DACH region also stated that they had not made any investments in cybersecurity in recent years.
According to current figures from the Sophos Management Study, the threat of economic damage from cyberattacks is the main reason for investing in cyber protection. Managers in Germany and Austria cite awareness of the economic consequences of cyberattacks as the main reason for investing in the past three years, with 23,4 percent (D) and 24 percent (AUT) respectively. Switzerland is even more sensitive to this point, with 36 percent even emphasizing that they have invested in cybersecurity due to possible economic damage.
Ransomware and digital transformation
The second most common reason for expanding IT security in companies in all three countries was the increasing threat of attacks such as ransomware. This aspect was emphasized by 21,4 percent of respondents in Germany, 20 percent in Austria and 28 percent in Switzerland, again the most.
Another key motivation for strengthening the protection of IT systems is the digital transformation in companies. It ranks third as a reason for investing in cyber protection in all three countries, with 18,4 percent of German bosses, 14,9 percent of Austrian bosses and 20 percent of Swiss bosses.
Legal or insurance requirements are subordinate
In comparison to the main motives for investing in cyber protection, aspects such as requirements for cyber insurance (Germany 2 percent, Austria 4 percent, Switzerland 4 percent) or applicable IT and cyber protection laws such as GDPR or NIS II were less important. The latter aspect was named by 8 percent in Germany and Austria each, but was not part of the survey in Switzerland.
State-initiated cyber attacks are at the bottom of the list, 10 percent have not invested at all
Very few respondents stated that protection against state-initiated cyber attacks was a motive for expanding IT security – in Germany this figure is 2,5 percent, in Switzerland 2 percent, and in Austria this aspect is not even mentioned by anyone.
Despite the constantly increasing threat situation, some companies stated that they had not strengthened their cyber protection in the past three years. In Germany, this was 10 percent, in Austria 14 percent and in Switzerland 6 percent of those surveyed.
Although the minority say that they have not worked on improving security in recent years, Michael Veit, Security Evangelist at Sophos, believes that not every company is investing in cyber protection. "Companies must be aware that investments in IT security should no longer be viewed as a cost factor, but as (life) insurance," he says. Anyone who does not heed this can count down until their own business operations are paralyzed by a cyber attack."
About the poll
On behalf of Sophos, Ipsos surveyed 201 C-level managers from retail, services and manufacturing in Germany and 50 each in Austria and Switzerland on the topic of IT security in their companies.
More at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.