Why German SMEs need simple and robust cyber securit
DriveLock SE, leading specialist for innovative IT security solutions from Germany, publishes the results of the joint study with techconsult GmbH on the current state of IT security in German SMEs – a new edition of the “IT Security in SMEs” study from 2019. The responses of the companies surveyed reveal: The importance of cybersecurity in companies has increased and is perceived as important accordingly. However, implementing effective IT protection is still difficult for some small and medium-sized enterprises (SMEs). A lack of resources such as budgets and skilled workers are considerable obstacles here. Security solutions must therefore be simple and resource-efficient in several respects – from investment and implementation to daily use and maintenance
The most important findings of the study:
The importance of IT security has increased in SMEs – from 55 percent four years ago to 70 percent now. Nevertheless, there is still room for improvement: 21 percent of the companies surveyed implement security measures irregularly and without a clear strategy, while 8 percent even react only after a security incident. These results show the need for consistent implementation of security measures.
A key obstacle to the implementation of comprehensive IT security measures is the perceived cost. Half of the companies without a clear security strategy avoid security investments because the costs are too high. Lack of time is another problem, which is why 40 percent of the companies surveyed act without a concrete security strategy. Interestingly, almost 30 percent of these companies lull themselves into a false sense of security and assume that they will not fall victim to cyber attacks. However, this carelessness can lead to considerable financial and non-monetary damage.
Furthermore, the usual security classics form the basis for the majority of companies. Companies with an established security strategy additionally rely on more advanced security solutions. An important and correct decision. Given the increasing sophistication of cyber attacks and changes in corporate structure, such as the introduction of cloud infrastructures and remote working, it is essential to adapt security measures. Companies should rethink their security strategies and recognise the importance of layered security measures to effectively protect themselves from cyber threats.
Looking at the operating models of IT security in companies, it can be seen that 79 per cent of respondents either run it completely or mostly in-house, despite a shortage of skilled workers.
Asked about their wishes, almost 60 percent of respondents still say they want to manage all IT security themselves. A result with significant discrepancy to existing personnel resources and corresponding expertise in SMEs.
Arved Stackelberg, CEO of DriveLock, explains the discrepancy as follows: “Several factors come into play here. On the one hand, SMEs have traditionally tried to regulate IT security themselves – often without the necessary expert knowledge and sufficient resources to actually protect themselves effectively. On the other hand, there is still a certain mistrust of cloud-based solutions – keyword sovereignty. Yet cloud-based solutions offer significant advantages. They are quickly available and require less investment in infrastructure and human resources. And again to the keyword sovereignty: Here there are sensible alternatives in Germany and Europe. Our DriveLock solutions are cloud-based and Made in Germany. With our many years of experience in medium-sized businesses, we bring companies to a higher level of security in a very short time. This saves time and costs while consistently protecting digital workplaces.”
Raphael Napieralski, analyst at techconsult GmbH, makes it clear: “The threat situation in the area of cybersecurity is more acute than ever, and it is time to protect yourself proactively. From prioritising IT security to integrating it into the corporate strategy – this is the only way to ensure comprehensive protection. Multi-layered security solutions are the fortress against cyber criminals. However, strengthening IT security goes beyond technology, because people remain the weakest link in the chain. Training and awareness-raising are key to minimising threats.”