SME study: Cybersecurity in German medium-sized companies

SME study: Cybersecurity in German medium-sized companies

Share post

A new edition of the study “IT Security in SMEs” currently provides information about the state of cybersecurity in German SMEs. It also becomes clear that the topic is much more important than before. But there is still a lot of room for improvement.

The answers from the companies surveyed show that the importance of cybersecurity in companies has become more important and is therefore perceived as important. However, implementing effective IT protection is still difficult in some cases for small and medium-sized companies (SMEs). A lack of resources such as budgets and specialists represents significant obstacles here. Security solutions must therefore be simple and resource-saving in several respects - from investment and implementation to daily use and maintenance.

The most important findings of the study

🔎 The survey shows what IT security is like in medium-sized businesses (Image: DriveLock).

🔎 The survey shows what IT security is like in medium-sized businesses (Image: DriveLock).

In medium-sized businesses, the importance of IT security has increased - from 55 percent four years ago to 70 percent now. However, there is still room for improvement: 21 percent of the companies surveyed implement security measures irregularly and without a clear strategy, while 8 percent only react after a security incident. These results show the need for consistent implementation of security measures.

A key obstacle to implementing comprehensive IT security measures is the perceived cost. Half of companies without a clear security strategy avoid investing in security because the costs are too high. Lack of time is another problem, which is why 40 percent of the companies surveyed operate without a concrete security strategy. Interestingly, almost 30 percent of these companies give themselves a false sense of security and assume that they will not fall victim to cyberattacks. However, this recklessness can lead to significant financial and non-monetary damage.

Further security solutions in focus

🔎 Ranking: The 6 most important reasons for a lack of cybersecurity (Image: DriveLock).

🔎 Ranking: The 6 most important reasons for a lack of cybersecurity (Image: DriveLock).

Furthermore, the usual security classics form the basis for the majority of companies. Companies with an established security strategy also rely on more advanced security solutions. An important and right decision. Given the increasing sophistication of cyberattacks and changes in corporate structure, such as the adoption of cloud infrastructure and remote work, adapting security measures is essential. Companies should rethink their security strategies and recognize the importance of multi-layered security measures to effectively protect themselves against cyber threats.

Looking at the operating models of IT security in companies, it can be seen that 79 percent of those surveyed operate it either completely or largely in-house, despite the lack of skilled workers. When asked about their wishes, almost 60 percent of those surveyed still said they wanted to manage the entire IT security themselves. A result with a significant discrepancy to existing human resources and corresponding specialist expertise in SMEs.

More at


About DriveLock

The German company DriveLock SE was founded in 1999 and is now one of the leading international specialists for IT and data security with branches in Germany, France, Australia, Singapore, the Middle East and the USA. In times of digital transformation, the success of companies depends to a large extent on how reliably people, companies and services are protected against cyber attacks and the loss of valuable data. DriveLock is committed to protecting corporate data, devices and systems. For this purpose, the company relies on the latest technologies, experienced security experts and solutions based on the zero trust model. In today's security architectures, zero trust means a paradigm shift based on the maxim "Never trust, always verify". In this way, data can be reliably protected even in modern business models.


Matching articles on the topic

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

IT security: NIS-2 makes it a top priority

Only in a quarter of German companies do management take responsibility for IT security. Especially in smaller companies ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

DSPM product suite for Zero Trust Data Security

Data Security Posture Management – ​​DSPM for short – is crucial for companies to ensure cyber resilience against the multitude ➡ Read more