estimated reading effort: 2 minutes

Last Friday it was that time again: IDC Germany virtually gathered a handful of press representatives and company spokespersons around it. Topic of the digital meeting: A study on the general security situation in Germany. Specifically, aspects such as expected cyber attacks, focus on security issues and willingness to invest were queried. A summary in tweets.

First of all, it should be noted that around half of all companies surveyed expect a slight (34%) to strong increase (17%) in cyber attacks in the next 12 months. So much for the realism of German companies. However, it is not entirely clear on which planet the 12% who expect a slight to strong decrease in hacker attacks live. Anyone?!

If you take a closer look at the topics that security experts in German companies deal with, it is noticeable that the usual suspects lead the top 3: cloud security (34%), endpoint security (22%) and secure backups/disaster recovery (19%). So far, so understandable. But it is not really clear why, of all things, Identity & Access Management (IAM) hardly seems to interest anyone at 8%. Poorly or not at all protected user accounts are considered to be one of the main entry points from a hacker’s point of view.

Skills shortage as far as the eye can see. Whether it’s their favorite café around the corner or the supermarket, everyone is desperately looking for qualified people. When it comes to cybersecurity, things are a little more dramatic, because the experts you need there cannot simply be trained overnight. Especially since around 66 percent of all respondents stated that their security environment is becoming increasingly complex and unmanageable. How good that it increasing security-as-a-service offerings are designed to help companies cope better with precisely this complexity.

If you take a closer look at the top 5 expenditures on required security measures, you will notice that disciplines such as disaster recovery, vulnerability management and EDR/XDR do not appear here either. Also: A little further up in this article, you can see that the safety officers of many companies in this country do not deal with these topics at all or not enough. Which at the end of the day can turn out to be a real mistake.

And what might be the reason for the money not ending up where it is urgently needed in terms of cyber security? Well, just take a look at the next graphic. The shows that the topic of security is perceived quite well (61%) in the management and board of directors in this country. On the one hand.

On the other hand, there is often a lack of insight into adequately implementing security measures. This includes, for example, the implementation of a required zero trust strategy, which is surprising given the urgency of this topic.

By admin