A new edition of the study “IT Security in SMEs” currently provides information about the state of cybersecurity in German SMEs. It also becomes clear that the topic is much more important than before. But there is still a lot of room for improvement.
The answers from the companies surveyed show that the importance of cybersecurity in companies has become more important and is therefore perceived as important. However, implementing effective IT protection is still difficult in some cases for small and medium-sized companies (SMEs). A lack of resources such as budgets and specialists represents significant obstacles here. Security solutions must therefore be simple and resource-saving in several respects - from investment and implementation to daily use and maintenance.
The most important findings of the study
🔎 The survey shows what IT security is like in medium-sized businesses (Image: DriveLock).
In medium-sized businesses, the importance of IT security has increased - from 55 percent four years ago to 70 percent now. However, there is still room for improvement: 21 percent of the companies surveyed implement security measures irregularly and without a clear strategy, while 8 percent only react after a security incident. These results show the need for consistent implementation of security measures.
A key obstacle to implementing comprehensive IT security measures is the perceived cost. Half of companies without a clear security strategy avoid investing in security because the costs are too high. Lack of time is another problem, which is why 40 percent of the companies surveyed operate without a concrete security strategy. Interestingly, almost 30 percent of these companies give themselves a false sense of security and assume that they will not fall victim to cyberattacks. However, this recklessness can lead to significant financial and non-monetary damage.
Further security solutions in focus
🔎 Ranking: The 6 most important reasons for a lack of cybersecurity (Image: DriveLock).
Furthermore, the usual security classics form the basis for the majority of companies. Companies with an established security strategy also rely on more advanced security solutions. An important and right decision. Given the increasing sophistication of cyberattacks and changes in corporate structure, such as the adoption of cloud infrastructure and remote work, adapting security measures is essential. Companies should rethink their security strategies and recognize the importance of multi-layered security measures to effectively protect themselves against cyber threats.
Looking at the operating models of IT security in companies, it can be seen that 79 percent of those surveyed operate it either completely or largely in-house, despite the lack of skilled workers. When asked about their wishes, almost 60 percent of those surveyed still said they wanted to manage the entire IT security themselves. A result with a significant discrepancy to existing human resources and corresponding specialist expertise in SMEs.
More at DriveLock.com
About DriveLock The German company DriveLock SE was founded in 1999 and is now one of the leading international specialists for IT and data security with branches in Germany, France, Australia, Singapore, the Middle East and the USA. In times of digital transformation, the success of companies depends to a large extent on how reliably people, companies and services are protected against cyber attacks and the loss of valuable data. DriveLock is committed to protecting corporate data, devices and systems. For this purpose, the company relies on the latest technologies, experienced security experts and solutions based on the zero trust model. In today's security architectures, zero trust means a paradigm shift based on the maxim "Never trust, always verify". In this way, data can be reliably protected even in modern business models.