TÜV Cybersecurity Study 2023

German companies see cyber risks as a serious threat: one in ten companies had an IT security incident in the last twelve months. Many companies expect an increase in cyber-attacks and are investing in IT security. Every second company is calling for stricter IT security regulations.

© Towfiqu barbhuiya via unsplash

Companies in Germany show a high awareness of cyber risks - these are almost without exception considered a serious threat to the economy and society. And these dangers are real. A good one in ten companies surveyed in this study recorded an IT security incident within twelve months prior to the survey. Phishing attacks, blackmail after ransomware attacks, circumvention of password protection, social engineering - the affected companies are confronted with all kinds of attack methods. The consequences of the incidents can be serious - financially and also for the reputation of the companies. It is true that successful attacks are usually detected quickly and rectified within a few days. In many cases, however, companies have to deal with the consequences of the attack for much longer. Experts assume that many successful cyber-attacks are only detected very late or not at all. 

Three out of ten companies expect to be targeted by cyber criminals in the next twelve months - organised gangs are particularly feared. The war in Ukraine is fuelling fears of more cyber-attacks. Accordingly, the commitment to securing their own IT systems is increasing - companies are investing in modern hardware and software and in their own know-how. One third see cloud services as an opportunity for more IT security - however, the same number of respondents would rather do without them in order to strengthen their own protection. Companies are weighing up here whether to take control of their own IT security themselves or place it in the hands of a cloud provider - both can make sense depending on the starting position. 

Cybersecurity plays a major role for large and medium-sized companies in particular - in smaller companies it is less important. There are also clear differences between individual sectors - for example, the role of IT security is particularly high in the service sector, but below average in trade. Cybersecurity can even promote growth - three quarters of the companies see it as a competitive advantage. 

A broad majority would like victims of cyber attacks to make them public in order to raise awareness of risks. In practice, however, this only happens in exceptional cases - apparently, the fear of a loss of reputation is too great. 

Last but not least, companies have high expectations of the legislator - a clear majority would like to see stricter regulations for cybersecurity in the business environment. They will help the security managers surveyed to raise awareness of the issue among management and to implement higher security standards in their companies. High importance is attributed to norms and standards for cybersecurity. They help the security managers surveyed to raise awareness of the topic among management and to implement higher security standards in their companies. A high significance is attributed to norms and standards for cybersecurity. A high proportion of companies comply with these or are oriented towards them. Certifications by external, independent assessment organisations also receive a high level of approval. 

The study report