The perceived IT security in Germany has decreased

What about IT security in Germany? The short answer is: bad. The corona pandemic and the Ukraine war are affecting the mood. A detailed picture of the situation is contained in the new magazine “Cybersecurity in Figures” from G DATA CyberDefense and Statista. The employee survey contained therein shows the biggest problem areas of digitization in Germany: lack of skilled workers and fear of cyber attacks.

The corona pandemic and the Ukraine conflict have left their mark on IT security. people feel less safe. The G DATA Index – Cyber Security has fallen by two percent within a year. In other words, the sense of security in Germany has decreased. In particular, the index values have fallen for knowledge competence and the feeling of security.

At the same time, the perception of risk has decreased. It is noticeable that the development in individual age groups differs. The index is unchanged for younger people under 30 years of age. In contrast, in the age groups up to 49 years and up to 64 years it fell by three points to 97. It is astonishing that the index has even risen among older people over 65, to 103. In this age group, the perceived IT security has risen against the trend.

Major shortage of personnel in IT security

The survey shows how big the staff shortage is in IT. Overall, 36 percent of those surveyed complained about a lack of employees in the IT area. The situation is much more dramatic for small companies. In companies with fewer than 50 employees, 68 percent speak of a lack of staff. In large companies with more than 1,000 employees, the figure is only 11.3 percent.

The survey also reveals clear differences among IT specialists in the sectors. Accommodation and gastronomy (64 percent), art, leisure, sports and recreation (56.3 percent) and the construction industry (56.3 percent) complain about the greatest shortage of staff. The situation is much more relaxed in telecommunications and IT (10 percent), finance and insurance (13.7 percent) and public services (14.4 percent).

READ: What is MIM?

It is therefore not surprising that the majority are urgently looking for staff in all IT areas. Companies have the greatest need in the area of IT security. More than 44 percent of those surveyed from large companies see a need for urgent action at this point. But there is also an urgent need for employees in medium-sized companies with 50 to 999 employees. In other departments such as IT system management or software development, the pressure to act is significantly lower.

A lack of IT security staff is almost an invitation for cybercriminals, similar to a front door that is not sufficiently locked. Because there is a lack of expertise, for example to evaluate log files or to correctly configure the endpoint protection solution. Appropriate know-how is also essential for preparing for an IT emergency, for example in order to define a backup strategy and to check that it is working.

When it comes to filling vacancies, companies use the well-known application channels. However, there are differences in terms of company size. Smaller companies (< 50 employees) use social media particularly intensively to find new employees (38.1 percent). In companies with more than 1,000 employees, only every fifth company uses these channels for recruiting measures. Large companies focus in particular on the company’s own career pages and job exchanges. But the recommendation of your own employees is also a frequently used means of finding specialists.

Fear of an IT emergency

If there are no IT specialists to establish far-reaching IT security, the risk of falling victim to a cyber attack also increases. In the professional environment, one third of those surveyed rated the risk of suffering a cyber attack as high or very high. In the private sphere, the proportion is higher – at 38 percent: One possible reason: Many people lack the skills to protect themselves and their digital devices accordingly.

READ: What is Security Awareness?

Here, too, there are clear differences in the risk assessment depending on the size of the company. Worries about attacks are highest in companies with 50 to 999 employees – 39 percent of those surveyed fear an attack. At 25 percent, this proportion is significantly lower in small companies with fewer than 50 employees. Apparently, there is still a belief that small businesses are not a worthwhile target for cybercriminals. However, that was and still is a fallacy. The decision as to whether an attack is worthwhile or not is made by the perpetrators, not the victims.

As of 10/30/2020

It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. You can find detailed information in our data protection declaration.

Consent to the use of data for advertising purposes

I agree that Vogel IT-Medien GmbH, Max-Josef-Metzger-Straße 21, 86157 Augsburg, including all companies affiliated with it within the meaning of Sections 15 et seq. AktG (hereinafter: Vogel Communications Group) my E e-mail address for sending editorial newsletters. Lists of the respective associated companies can be accessed here.

The content of the newsletter extends to the products and services of all the companies mentioned above, including, for example, trade journals and specialist books, events and trade fairs as well as event-related products and services, print and digital media offers and services such as other (editorial) newsletters, competitions, lead campaigns, Market research in the online and offline area, subject-specific web portals and e-learning offers. If my personal telephone number was also collected, it may be used for submitting offers for the aforementioned products and services from the aforementioned companies and for market research.

If I call up protected content on the Vogel Communications Group portals, including its affiliated companies within the meaning of §§ 15 ff. AktG, I have to register with additional data for access to this content. In return for this free access to editorial content, my data may be used in accordance with this consent for the purposes stated here.

READ: What Is An Endpoint Protection Platform?

right of revocation

I am aware that I can revoke this consent at any time for the future. My revocation does not affect the legality of the processing carried out on the basis of my consent up to the time of revocation. In order to declare my revocation, I can use the contact form available at as one option. If I no longer wish to receive individual newsletters to which I have subscribed, I can also click on the unsubscribe link at the end of a newsletter. I can find more information about my right of withdrawal and how to exercise it, as well as the consequences of my withdrawal, in the data protection declaration, section Editorial newsletters.

The study by G DATA and Statista shows that there is no such thing as 100% IT security. For many years, cyber security was primarily an issue for the IT department that management only wanted to deal with selectively. That was and is a misjudgment. IT security may begin with technology. But that’s not the end of it. Managers in particular must set an example of a good error culture and encourage employees to admit mistakes.

About “Cybersecurity in Numbers”

“Cybersecurity in Figures” is characterized by a high density of information and particular methodical depth: As data specialists, the researchers and market researchers from Statista have combined numbers, data and facts from more than 300 statistics into a unique complete work. More than 5,000 employees in Germany were surveyed as part of a representative online study on cyber security in a professional and private context. Statista’s experts followed the survey closely and, thanks to a sample size that is well above the industry standard, are able to present reliable and valid market research results in the magazine “Cybersecurity in Numbers”.