BSI business survey: The home office situation in pandemic times increases the attack surface for cyber criminals and thus has an impact on the information security of commercial enterprises in Germany.
That is the result of a representative survey of 1.000 companies and operations that the Federal Office for Information Security (BSI) presented today at a digital press conference in Bonn. Further results at a glance:
- Corona has more than doubled the number of home office workplaces. 58% of the companies surveyed want to maintain or expand the offer even after the pandemic.
- Companies that want to establish home offices prefer digitization projects.
- 2/3 of the large companies perceive the pandemic as a digitization turbo.
- Private IT attack surface: Only 42% of companies only use their own IT.
- Over 50% of companies invest less than 10% of IT spending in cyber security. The BSI recommends investing up to 20% of the IT budget in security.
- The smaller the company, the more serious the consequences. For micro and small businesses with fewer than 50 employees, one in four cyberattacks can have existential consequences.
- Although inexpensive, simple security measures such as mobile device management, emergency exercises or the principle “IT security is a matter for the boss” are not sufficiently implemented.
Home office is here to stay. However, IT security has not yet reached the budgets, processes and minds of companies enough. The digitization turbo Corona is driving IT projects in companies. Our survey confirms that. As the federal cyber security authority, we urge that digitization and IT security be conceived and implemented as one unit. Anyone who sets the course for solid information security in their infrastructure now will secure their future - in difficult pandemic times and beyond, says Arne Schönbohm, President of the BSI.
Germany: 12 million in the home office
In the pandemic, twelve million workers switched to home offices in Germany alone. This is not a snapshot, but determines the new normal in the long term. When many people switched to the home office spontaneously, IT security too often did not play a role. Mobile work requires the right balance between user-friendly access to company data and IT protection. Robust and risk-based IT security management, employee training and well thought-out emergency concepts are required. Security is not a one-off project, security is a continuous process, says Achim Berg, President of Bitkom eV
For the study as a PDF at BSI.bund.de