A survey of 500 employees in IT security teams shows that corporate security measures are lagging behind the heightened threat level. Compared to the previous year, the number of German companies that are optimally prepared for security incidents has almost halved.
Since the beginning of the war in Ukraine, the IT security situation in German companies and around the world has worsened again: more than two thirds (68 percent) of the IT security teams in Germany have since registered an increase in security incidents, and 43 percent of them report significantly more incidents than before.
Many IT security teams do not see themselves well positioned
However, many companies were apparently unable to keep up with the rapidly growing threat. The number of IT security employees who see their company as optimally prepared in the event of a security incident has almost halved compared to the previous year (-46 percent). These are the results of the current study "OTRS Spotlight: Corporate Security", for which OTRS AG, in cooperation with the market research company Pollfish, surveyed 500 employees in IT security teams worldwide, including 100 in Germany, about the status quo and the development of cyber security in their companies.
Lack of staff becomes a security risk
In the vast majority of companies (94 percent), it is clearly defined who has to do what in the event of a security incident and who is responsible for what. The factors that make it difficult for employees to secure the company's IT as well as possible, and to react as quickly and comprehensively as possible in an emergency, vary.
Above all, there is an obvious lack of staff. Although hiring additional employees for the in-house Security Operations Center (SOC) is rated internationally as one of the three most useful measures for dealing with the increased number of security incidents, only around three out of ten German companies affected by an increase (31 percent) added staff.
IT security does not receive the attention it deserves
That this does not cover the actual need for personnel is also shown by the call for more staff among the 47 percent of those surveyed who believe that IT security is not receiving enough attention in their company. In this group, the demand for investment in additional staff comes first at 49 percent. The desire for more investment in software (45 percent) follows closely behind. Infrastructure (43 percent) and security training for all employees (32 percent) complete the list of investments considered necessary. Internationally, teams in Germany and Mexico are the most dissatisfied overall with how IT security is handled in their company, while satisfaction in the USA is highest at 68 percent.
Growth in the incident management teams
Despite everything, there is also a positive trend in personnel development in Germany: compared to the previous year, the teams responsible for incident management have grown. In 2021, nine percent of the teams consisted of only one person; this year it is only one percent. The same development can be observed across all markets examined.
From the point of view of Christopher Kuhn, COO of OTRS AG, this is no reason to give the all-clear: “The threat situation in cyberspace will not ease in the foreseeable future, but will only tend to increase further. Companies therefore urgently need to upgrade their IT security and go a whole step further in the battle for talent. In concrete terms, this means: setting incentives for qualified specialists and also getting involved in training and further education, for example in order to get lateral entrants on board and to retain employees.”
Short-term measures as a sign of insufficient preparation
To cope with the increased number of security incidents since the beginning of the war in Ukraine, companies have primarily opted for short-term measures. The two most frequent responses, at 54 percent each, were checking and adapting IT systems with regard to updates, backups and secure employee logins, and training all employees to raise their awareness of security issues. Just over a third (37 percent) have also implemented software to monitor, detect and prevent security incidents.
Software to respond to and manage security incidents was introduced less frequently (28 percent). Blacklists to block data traffic from Russia were also introduced less frequently, although at 22 percent they were more common in Germany than the average for the other markets examined (16 percent). Just as often (22 percent), the response was to introduce an incident management plan.
About the background of the survey
The data used is based on an online survey by Pollfish Inc., in which 500 employees in IT security teams in Germany, the USA, Brazil, Mexico and Singapore took part between October 6, 2022 and October 22, 2022, including 100 in Germany. The same survey was conducted in 2021, with the exception of questions about developments since the beginning of the war in Ukraine. The results of this survey were used for the comparison with the previous year.
About OTRS
OTRS AG is the manufacturer and the world's largest service provider for the Enterprise Service Management Suite OTRS, awarded the SERVIEW CERTIFIED TOOL seal of approval. It offers companies industry-independent solution management for structured communication in customer service, IT service management and security management.