Imperva study on cyber attacks: many German companies are not sufficiently prepared

ExtraHop wird von Bain Capital Private Equity und Crosspoint Capital Partners übernommen

State of Cybersecurity in Germany 2022

The threat situation from cyber attacks has worsened for the German companies examined in the last twelve months; at the same time, however, a large proportion of them are not adequately prepared for such attacks. That’s according to a study by Imperva, Inc. this is based on a survey by the market research company YouGov among employees with extensive or sole decision-making authority in the IT professional field.

  • 44 Percent of the companies surveyed do not have a current crisis plan
  • Almost one in five IT managers surveyed has reported that cyber attacks have led to customer losses, 46 percent suffered a failure of the systems
  • 47 Percent of respondents expect a significant increase in cyber attacks in 2022

Cyber attacks with massive business-damaging consequences

36 Percent of the IT managers surveyed state that the number of cyber attacks on their company has increased slightly or even to a large extent in the last twelve months. Ransomware (20%) and DDoS attacks (18%) dominated in particular: in the former variant, hackers gain control of the computer by means of malware and only release the device after paying a ransom. In DDoS attacks, hackers try to make as many requests to the system until it ultimately collapses. The consequences of this and other attacks were serious. Almost one in five IT managers surveyed reported that cyber attacks had led to customer losses; 46percent of them experienced a system failure. Other consequences mentioned were financial blackmail (16%), sales losses (15%), reputational damage (14%) and official sanctions (10%).

In addition, various categories of data were compromised or misused in the context of the cyber attacks among the companies surveyed: the most common targets of manipulation were employee (20%) and customer data (17%), but also protected intellectual property, management information (both 16%) and budget and other financial planning documents (13%).

No transparency in the use of data – a holistic security strategy is required

The companies have responded to the attacks with various measures: 50 percent of respondents said that the cybersecurity strategy has been revised; 48 percent have increased their investments in cyber security tools and solutions. In addition, almost every fourth company has hired additional staff in the field of IT and cybersecurity. The need for a strategic course correction and technical equipment is high; for example, according to the survey, not even every second company has a current crisis plan (44%). In addition, just under half of the companies surveyed (49%) use data discovery and classification tools or database activity monitoring tools (44%) that provide information on how sensitive data is used in the company.

In addition to these findings, the results of the study have also clearly shown that the IT managers surveyed must also look beyond their own operations with regard to data management and use. Digital business models in particular, but also cooperation with suppliers, for example, increasingly require the sharing of data, which poses further security risks: only 23 percent of the companies surveyed currently have a complete and automated list of all third parties with whom they exchange internal data. 39% update such a list manually, and 16 percent say that they do not keep lists to third-party providers at all. More than 30 percent have no or no secure systems and procedures that determine which data third parties can access.

“A large proportion of the companies surveyed still do not draw sufficient consequences from the current threat situation. And most companies are only now really starting to implement data-driven business models,” states Kai Zobel, Area Vice President EMEA Imperva. “For effective data protection, companies need a new culture that thinks security and innovation together, as well as investments in processes, systems and employees. Above all, however, you need a holistic security strategy that brings together measured variables from all areas of the company in a central platform. This is the only way to effectively protect your own IT infrastructure – from attacks from the outside as well as from the inside.“

The key point of “security” in cloud models

In addition, many of the IT managers surveyed are also divided when it comes to the topic of data security in the context of the introduction and use of cloud models. After all, 23 percent describe the introduction of the cloud as the biggest cybersecurity challenge in digital transformation projects from a data protection perspective. In addition, 29 percent of respondents are convinced that the overview of the data on-premises is greater than in the cloud (30%: overview about the same size). And 31 percent of respondents believe that their company’s data is less secure in the cloud than on-premises; only 18 percent see the data in the cloud as better kept.

A significant increase in cyber attacks is predicted – with prevention in focus on employees

For the year 2022, 47 percent of respondents expect a significant increase in cyber attacks: 31 percent expect an increase of up to 50 percent; another 16 percent expect even more attacks. The threat of ransomware attacks is classified as the strongest (35%); 13 percent of respondents cite DDoS attacks and insider threats as the greatest risk.

Strategic measures, but above all current working models and the involvement of employees, play an important role in containing the threat situation. 50 Percent of the companies surveyed plan to offer more training in the next twelve months in order to raise awareness of the topic of cybersecurity. A third of the companies surveyed (32%) want to review their remote work policies and 18% want to review their BYOD (Bring your own Device) policies. Updating the crisis plan in the event of an attack is mentioned as the second most common measure (37%).

About the study:

The online survey on which the study is based was conducted by YouGov Deutschland GmbH in the period from 10 to 20 December 2021. A total of 528 people with extensive or sole decision-making authority in the IT professional field, who work in companies with at least ten employees, were interviewed.

Unity 3D Games Development | Unity APP Outsourcing Services

Ready to see us in action:

More To Explore
Enable registration in settings - general
Have any project in mind?

Contact us: