The results of a global study conducted by Sage clearly indicate that small and medium-sized enterprises (SMEs) in Germany lack an effective IT security culture. While two-thirds of SMEs consider cybersecurity to be part of their corporate culture, only 4 out of 10 companies regularly address the issue. This misleading self-assessment has proven to be fatal on numerous occasions, as 55 percent of SMEs in Germany experienced a cybersecurity incident last year.
Lack of Regular IT Security Checks Leaves German SMEs Vulnerable
Effective protection against cyber threats cannot be achieved solely through the use of products. IT security is a continuous process that must be firmly embedded in the company culture and involve the entire workforce, according to Ben Aung, EVP Chief Risk Officer at Sage. However, German SMEs are lagging behind in these controls, as only 68 percent conduct regular audits.
One of the main challenges for SMEs is their limited IT resources. Without appropriate guidance and support, it becomes much more difficult for them to make informed risk management decisions. Many SMEs underestimate how a small number of carefully planned cybersecurity controls can help mitigate the majority of the attacks they face. In fact, 19% of SMEs rely solely on what they consider to be basic controls. However, even these basic cybersecurity measures can be complex to implement and require specific skills and tools.
The study reveals that a significant number of decision-makers in SMEs are overwhelmed by the complexities of cybersecurity. Despite 84 percent of SMEs claiming familiarity with firewalls, 46 percent do not actually implement them. Furthermore, 42 percent of SMEs worldwide neglect to secure critical data, indicating a lack of understanding about the importance of data protection. The lack of comprehension of key terms such as “end-to-end encryption,” “ransomware,” “Bring Your Own Device (BYOD),” and “Endpoint Detection” among decision-makers in SMEs further highlights the need for education and training in cybersecurity.
Collaboration among governments, industry associations, cybersecurity firms, and technology companies is crucial for enhancing cybersecurity for SMEs and improving their cyber resilience. Unfortunately, the lack of coherent guidance and consulting services for SMEs makes it difficult for them to protect themselves, train their employees, and access the right cybersecurity tools.
It is evident that German SMEs are in urgent need of an enhanced IT security culture. Regular assessments, appropriate consulting and support, and increased collaboration among various stakeholders are crucial for SMEs to strengthen their cybersecurity and navigate safely in today’s complex digital landscape. Decision-makers are responsible for tackling these challenges and taking the necessary measures to protect their companies from cyber threats.