IT security: NIS-2 makes it a top priority

IT security: NIS-2 makes it a top priority

Share post

Only in a quarter of German companies do management take responsibility for IT security. This is especially the case in smaller companies. The larger the company, the less often the bosses feel responsible.

Whether small and medium-sized companies or corporations: In only 25 percent of German companies does the management take responsibility for IT security. This is proven by the representative study “Cybersecurity in Numbers” by G DATA CyberDefense AG, Statista and brand eins.

Cyber ​​attacks on companies and institutions cause high costs and illustrate the importance of extensive IT security measures. With the NIS 2024 guideline coming into force in October 2, the executive floor is no longer allowed to delegate IT security.

NIS-2 increases the pressure and makes management responsible

Should IT security be a top priority? Definitely! Due to the increasing digitalization of work and production processes in companies, cybersecurity is no longer a sideshow and should be a top priority for company management. Cyber ​​attacks are very expensive and quickly become life-threatening. According to the representative study “Cybersecurity in Numbers” by G DATA CyberDefense, Statista and brand eins, management most often transfers responsibility for security precautions against cyberattacks to the IT department. In only a quarter of German companies, management sees the need to be responsible for implementing and maintaining protective measures themselves. With NIS-2 at the latest, the pressure on many board members will increase and they will be legally obliged to take the issue of IT security seriously. If they fail to comply, they may also be held personally liable.

“IT security is by law a top priority,” explains Tim Berghoff, Security Evangelist at G DATA CyberDefense. “The NIS 2 guideline also makes management directly responsible and no management or board can shift this responsibility. If those responsible do not take the implementation and monitoring of IT security measures seriously, they are personally liable and violations also result in high fines.”

Small business leaders are more likely to make IT security a priority

The exclusive survey also shows that the larger a company is, the less responsibility lies with top management. Only one in ten companies with 1.000 or more employees has management responsible for IT security. This is fatal with regard to NIS-2. And time is running out. What is surprising, however, is that in 40 percent of small companies with fewer than 50 employees, responsibility for IT security already lies with the management or board of directors. Nevertheless, there is also an acute need to catch up among small companies, because in three out of five small companies IT security is not yet a top priority. There is an urgent need to catch up on this because the boardroom plays a key role in establishing a safety culture in the company.

Study "Cyber ​​Security in Numbers"

“Cybersecurity in Numbers” is characterized by a high level of information density and particular methodological depth: Statista’s researchers and market researchers have brought together numbers, data and facts from more than 300 statistics into a unique complete work. More than 5.000 employees in Germany were surveyed as part of a representative online study on cybersecurity in professional and private contexts. The experts at Statista closely monitored the survey and, thanks to a sample size that is well above the industry standard, are able to present reliable and valid market research results in the “Cybersecurity in Numbers” issue.

What does the NIS 2 directive mean for companies?

With NIS-2 (“Network and Information Security” Directive), security standards will apply across the EU for many companies and organizations in 18 critical sectors from October 2024, 18. This is intended to ensure a higher and uniform level of IT security in the EU. Highly critical sectors such as energy and public administration are particularly affected, but also providers who produce, process and sell food, for example.

More at


About G Data

With comprehensive cyber defense services, the inventor of the anti-virus enables companies to defend themselves against cybercrime. Over 500 employees ensure the digital security of companies and users. Made in Germany: With over 30 years of expertise in malware analysis, G DATA conducts research and software development exclusively in Germany. The highest standards of data protection are paramount. In 2011, G DATA issued a “no backdoor” guarantee with the “IT Security Made in Germany” seal of trust from TeleTrust eV. G DATA offers a portfolio from anti-virus and endpoint protection to penetration tests and incident response to forensic analyzes, security status checks and cyber awareness training to defend companies effectively. New technologies such as DeepRay use artificial intelligence to protect against malware. Service and support are part of the G DATA campus in Bochum. G DATA solutions are available in 90 countries and have received numerous awards.


Matching articles on the topic

IT security: NIS-2 makes it a top priority

Only in a quarter of German companies do management take responsibility for IT security. Especially in smaller companies ➡ Read more

Cyber ​​attacks increase by 104 percent in 2023

A cybersecurity company has taken a look at last year's threat landscape. The results provide crucial insights into ➡ Read more

Mobile spyware poses a threat to businesses

More and more people are using mobile devices both in everyday life and in companies. This also reduces the risk of “mobile ➡ Read more

Crowdsourced security pinpoints many vulnerabilities

Crowdsourced security has increased significantly in the last year. In the public sector, 151 percent more vulnerabilities were reported than in the previous year. ➡ Read more

Digital Security: Consumers trust banks the most

A digital trust survey showed that banks, healthcare and government are the most trusted by consumers. The media- ➡ Read more

Darknet job exchange: Hackers are looking for renegade insiders

The Darknet is not only an exchange for illegal goods, but also a place where hackers look for new accomplices ➡ Read more

Solar energy systems – how safe are they?

A study examined the IT security of solar energy systems. Problems include a lack of encryption during data transfer, standard passwords and insecure firmware updates. trend ➡ Read more

New wave of phishing: Attackers use Adobe InDesign

There is currently an increase in phishing attacks that abuse Adobe InDesign, a well-known and trusted document publishing system. ➡ Read more