The perceived IT security in Germany has decreased

What about IT security in Germany? The short answer is: bad. The corona pandemic and the Ukraine war are affecting the mood. A detailed picture of the situation is contained in the new magazine “Cybersecurity in Figures” from G DATA CyberDefense and Statista. The employee survey contained therein shows the biggest problem areas of digitization in Germany: lack of skilled workers and fear of cyber attacks.

The corona pandemic and the Ukraine conflict have left their mark on IT security. people feel less safe. The G DATA Index – Cyber ​​Security has fallen by two percent within a year. In other words, the sense of security in Germany has decreased. In particular, the index values ​​have fallen for knowledge competence and the feeling of security.

At the same time, the perception of risk has decreased. It is noticeable that the development in individual age groups differs. The index is unchanged for younger people under 30 years of age. In contrast, in the age groups up to 49 years and up to 64 years it fell by three points to 97. It is astonishing that the index has even risen among older people over 65, to 103. In this age group, the perceived IT security has risen against the trend.

Major shortage of personnel in IT security

The survey shows how big the staff shortage is in IT. Overall, 36 percent of those surveyed complained about a lack of employees in the IT area. The situation is much more dramatic for small companies. In companies with fewer than 50 employees, 68 percent speak of a lack of staff. In large companies with more than 1,000 employees, the figure is only 11.3 percent.

The survey also reveals clear differences among IT specialists in the sectors. Accommodation and gastronomy (64 percent), art, leisure, sports and recreation (56.3 percent) and the construction industry (56.3 percent) complain about the greatest shortage of staff. The situation is much more relaxed in telecommunications and IT (10 percent), finance and insurance (13.7 percent) and public services (14.4 percent).

READ:  What is MIM?

It is therefore not surprising that the majority are urgently looking for staff in all IT areas. Companies have the greatest need in the area of ​​IT security. More than 44 percent of those surveyed from large companies see a need for urgent action at this point. But there is also an urgent need for employees in medium-sized companies with 50 to 999 employees. In other departments such as IT system management or software development, the pressure to act is significantly lower.

A lack of IT security staff is almost an invitation for cybercriminals, similar to a front door that is not sufficiently locked. Because there is a lack of expertise, for example to evaluate log files or to correctly configure the endpoint protection solution. Appropriate know-how is also essential for preparing for an IT emergency, for example in order to define a backup strategy and to check that it is working.

When it comes to filling vacancies, companies use the well-known application channels. However, there are differences in terms of company size. Smaller companies (< 50 employees) use social media particularly intensively to find new employees (38.1 percent). In companies with more than 1,000 employees, only every fifth company uses these channels for recruiting measures. Large companies focus in particular on the company’s own career pages and job exchanges. But the recommendation of your own employees is also a frequently used means of finding specialists.

Fear of an IT emergency

If there are no IT specialists to establish far-reaching IT security, the risk of falling victim to a cyber attack also increases. In the professional environment, one third of those surveyed rated the risk of suffering a cyber attack as high or very high. In the private sphere, the proportion is higher – at 38 percent: One possible reason: Many people lack the skills to protect themselves and their digital devices accordingly.

READ:  What is Security Awareness?

Here, too, there are clear differences in the risk assessment depending on the size of the company. Worries about attacks are highest in companies with 50 to 999 employees – 39 percent of those surveyed fear an attack. At 25 percent, this proportion is significantly lower in small companies with fewer than 50 employees. Apparently, there is still a belief that small businesses are not a worthwhile target for cybercriminals. However, that was and still is a fallacy. The decision as to whether an attack is worthwhile or not is made by the perpetrators, not the victims.

The study by G DATA and Statista shows that there is no such thing as 100% IT security. For many years, cyber security was primarily an issue for the IT department that management only wanted to deal with selectively. That was and is a misjudgment. IT security may begin with technology. But that’s not the end of it. Managers in particular must set an example of a good error culture and encourage employees to admit mistakes.

About “Cybersecurity in Numbers”

“Cybersecurity in Figures” is characterized by a high density of information and particular methodical depth: As data specialists, the researchers and market researchers from Statista have combined numbers, data and facts from more than 300 statistics into a unique complete work. More than 5,000 employees in Germany were surveyed as part of a representative online study on cyber security in a professional and private context. Statista’s experts followed the survey closely and, thanks to a sample size that is well above the industry standard, are able to present reliable and valid market research results in the magazine “Cybersecurity in Numbers”.