It is not attacks from outside that pose the greatest risk to the IT security of companies, but rather their own employees. The DriveLock study recorded the causes and consequences of IT security incidents in medium-sized companies and provides an outlook on the future of IT security. Security from the cloud.
IT security incidents - causes and consequences
In the past two years, around 61% of medium-sized companies have had an IT security incident. The list with the most cyber attacks is headed by industry (74%) with its networked production facilities and often outdated IT systems.
The industry saw the most attacks by malware (37%) such as viruses, Trojans or worms. Cyber criminals are increasingly using another popular attack method in trading (38%): phishing. Trick scams are simple but effective and are therefore used more and more frequently. Cyber criminals send deceptively fake emails or SMS and steal the access data after clicking on the manipulated link.
The greatest risk to IT security is the human factor. In an average of 46% of the cases, the carelessness of the employees triggered the security incident - for example through weak passwords, opening e-mail attachments or using public Internet access. In the case of large companies, the incident was caused by their own employees in 68% of the cases.
As a result, the vast majority (65%) would like more employee-centered measures to improve the safety awareness of the workforce. Likewise, more than half of the large companies (55%) advocate a holistic security concept for comprehensive protection against cyber attacks.
If an intruder manages to get into the system, he should be detected as soon as possible. However, 43% of the companies surveyed fear that they will recognize security problems too late or not at all. In terms of costs (48%), competitive disadvantages (26%) or loss of image (26%), large companies tend to feel more threatened by inadequate IT security than smaller companies. After all, security incidents can have serious consequences. They lead to a cost explosion both internally (38%) and externally (29%). For larger companies in particular, security incidents mean considerable additional internal effort (47%), which in many cases also interrupts work processes (42%) and has a lasting effect on productivity (37%).
IT security from the cloud
Is the future of IT security in the clouds? The use of cloud-based security solutions differs depending on the size of the company. In contrast to smaller companies, large companies seem particularly cloud-savvy: Over half (55%) already rely on IT security services from the cloud. They particularly appreciate their fast availability (56%) and their high level of data security (48%). The use of the cloud also differs depending on the industry: While retail (31%) and the service sector (30%) in particular rely on the cloud, public institutions are more hesitant: half do not obtain IT security services from the cloud and do not plan to do so not in the future. The main arguments they cite are wanting to retain sovereignty over their IT security (80%) or not having confidence in the data security of cloud services (60%).
But cyber attacks are becoming more common and more sophisticated. In addition, criminals do not differentiate between industries and company sizes. Everyone is a possible target. Therefore, companies, regardless of their size, should by no means underestimate the cyberattacks, which can permanently impair their integrity, stability and productivity. Holistic IT security concepts - whether on-premise or from the cloud - and security training for employees are a must in the digital era in order to be able to protect company systems comprehensively and in a contemporary manner.
The key data of the study
Over 200 companies with a maximum of 999 employees from various industries were surveyed for the study: 33% from the service sector, 27% from industry, 13% from trade, 10% from the public and 8% from the financial sector. Companies with 50-249 employees were surveyed most frequently, followed by companies with 250-499 (24%) and 10-49 employees (23%). 15% of the study participants were large companies with 500-999 employees. IT managers, CIOs as well as IT employees, administrators and specialists made up a good half. The second half consisted of other C-level positions - including CISOs, compliance specialists and security and data protection officers.
Go directly to the study at DriveLock
About DriveLock The German company DriveLock SE was founded in 1999 and is now one of the leading international specialists for IT and data security with branches in Germany, France, Australia, Singapore, the Middle East and the USA. In times of digital transformation, the success of companies depends to a large extent on how reliably people, companies and services are protected against cyber attacks and the loss of valuable data. DriveLock is committed to protecting corporate data, devices and systems. For this purpose, the company relies on the latest technologies, experienced security experts and solutions based on the zero trust model. In today's security architectures, zero trust means a paradigm shift based on the maxim "Never trust, always verify". In this way, data can be reliably protected even in modern business models.