Current study by Arctic Wolf: The majority of managers in Germany consider their company to be well positioned in terms of IT security – despite costly security incidents for almost half of the respondents. […]
A recent study by Arctic Wolf shows that seven out of ten (70 percent) German executives consider their companies to be just as safe or safer than those of their European competitors. In addition, 84 percent have confidence in the ability of their employees to detect a cyber attack. Despite this generally high level of confidence in their own cyber defenses, however, almost half (45 percent) of the companies surveyed have suffered damage of at least 86,000 euros in connection with a security incident in the last twelve months. In addition, less than half of the companies (42 percent) conduct security training more than once a year.
The Arctic Wolf study surveyed 1,700 IT decision-makers and executives worldwide, including 300 from Germany, and was conducted by Sapio Research. After a year with a large number of cyber attacks, the survey data shows how managers feel about different cybersecurity and business topics.
Companies willing to pay ransom despite confidence in security defense
IT decision-makers and executives in Germany have great confidence in the IT security measures of their companies. For example, 70 percent believe that their company is just as secure or safer than that of their European competitors. Furthermore, almost four out of ten (37 percent) executives believe that cyber attacks pose no threat to them at all, even though threats and security incidents have increased significantly in the last year.
Despite the general confidence, almost 60 percent of managers would be willing to pay at least 50,000 euros to threat actors in order to resume business operations, e.g. in the event of a ransomware attack. Only one out of four companies stated that they were not already paying a ransom at all. 30 Percent of respondents also admitted that their company had knowingly concealed a security incident in order to protect the company’s reputation.
“Rapidly changing cyber threats and a false confidence in cyber protection create an enormous, often hidden business risk. Unfortunately, many companies are not aware of these risks before they are hit by a cyber attack,“ says Dr. Sebastian Schmerl, Director of Security Services for EMEA at Arctic Wolf. “Those responsible who rely only on the implementation of preventive security controls to secure their company run the risk of overlooking risks – both in their way of thinking and in their design. Today’s highly complex IT infrastructures and the impossibility of 100 percent preventive protection against attackers underline the importance of security operations. These are crucial for setting up 24×7 threat monitoring and response. This allows security incidents to be detected quickly, appropriate measures to be taken and costly attacks to be avoided.“
Private sector skeptical about government’s ability to contain cyber threats
Despite the ongoing geopolitical discussions about ransomware, only 16 percent of business leaders consider diplomacy to be effective in containing cyberattacks. On the other hand, 25 percent believe that better relations between the public and private sectors could help contain the cyber crisis.
More than half (51 percent) of executives in Germany rate Russia as the source of the most dangerous cyber threats to their company. China (43 percent) is ranked as the second highest threat. In comparison, less than half of executives (41 percent) from the UK and North America see Russia as the most dangerous nation-state in terms of cyber attacks.