Cybersecurity: Half of companies in Germany do not even have basic protection in place

July 31, 2023

  • One in three companies has no password policy
  • 37.0 percent do not regularly train their employees on topics such as spam or phishing

Companies in Germany lack basic cybersecurity measures, this is one of the key messages of the current Kaspersky study “Incident Response for Prevention – Why Companies in Germany are Poorly Prepared for Cyber Attacks and How to Become More Cyber Resilient Thanks to Incident Response Methods” [1]. This is because although even simple steps can increase security levels, only 64.5 percent implement password policies, 58.0 percent create backups and 54.0 percent use multi-factor authentication.

According to the TÜV Association, decision-makers in one in nine financial organizations suffered a security incident last year [2]; furthermore, according to Bitkom, cyberattacks on German companies caused total damage of around 203 billion euros [3]. Decision-makers should therefore be aware that a preventive and sustainable cybersecurity strategy is a “must” for sustainable cyber protection. However, the status quo of security measures at some companies in Germany is sobering, as the recent Kaspersky study “Incident Response for Prevention” shows.

Password policies, backups, employee training? Not necessary

As the Kaspersky survey finds, many companies lack basic security measures: Password policies (64.5 percent), backup creation (58.0 percent) or multi-factor authentication (54.0 percent) are used by too few companies to date. These are fundamental measures that, together with a dedicated cybersecurity solution, provide basic protection against attacks.

Furthermore, 37.0 percent of companies in Germany do not regularly train their employees on topics such as spam or phishing – the classic gateways for cybercriminals to obtain access data. The crux of the matter is that the days of poorly written spam and phishing emails full of spelling errors are long gone. Today, they can hardly be distinguished from real messages. However, only slightly more than half (54.5 percent) of companies use anti-phishing software to protect themselves against this. In addition, only one in three companies (35.5 percent) currently has a patch management policy in place. Yet security vulnerabilities in applications and operating systems are among the most common attack vectors in enterprises.

“Patching is always a challenge. On the one hand, it’s relatively easy to plug security holes, but on the other hand, the process is usually a bit more complicated than you think,” says Kai Schuricht, Lead Incident Response Specialist at Kaspersky, about the lack of patch management in companies. “If companies decide to update their systems, this takes some time. This is because they first have to be tested, released and then distributed. This takes time and, of course, increases the window of opportunity for systems to be vulnerable. The time window for successful attacks is also extended. Appropriately thought-out and thus efficient patch management can provide support here and take into account the different requirements of, for example, IT security and production at the same time.”

The full Kaspersky study “Incident Response for Prevention – Why Companies in Germany are Poorly Prepared for Cyber Attacks and How They Can Become More Cyber Resilient Thanks to Incident Response Methods” is available at https://kas.pr/ir-report_de

[1] https://kas.pr/ir-report_de / The survey was conducted by Arlington Research on behalf of Kaspersky in June 2023. A total of 200 IT decision-makers in Germany, 50 in Austria and 50 in Switzerland were surveyed on the subject of incident response and cyber security.

[2] https://www.tuev-verband.de/pressemitteilungen/gut-jedes-zehnte-unternehmen-erfolgreich-gehackt

[3] https://www.bitkom.org/Presse/Presseinformation/Wirtschaftsschutz-2022

Useful links:

Kaspersky study “Incident Response for Prevention – Why companies in Germany are ill-prepared for cyber attacks and how they can become more cyber-resilient thanks to incident response methods”: https://kas.pr/ir-report_de

Kaspersky Incident Response: https://www.kaspersky.de/enterprise-security/incident-response

Related Articles

All news in 2025

All news in 2025

12.02.2025 SUPER‘ races safely through treacherous terrain 12.02.2025 Integrated security strategies for critical infrastructures – insights and challenges from the BKS GU white paper 11.02.2025 International ransomware operation hits 8base – a warning sign for the...

SUPER‘ races safely through treacherous terrain

SUPER’ is the name given by roboticists at the University of Hong Kong (https://www.hku.hk/) to their new flying robot, which is designed to move through unknown terrain at a higher speed than competing drones – and without touching any obstacles. The vehicle is even...

Share This