Investing in cyber protection is a priority - but not for all companies

According to the latest figures from the Sophos management study, the threat of economic damage from cyberattacks is the main reason for investing in cyber protection. Managers in Germany and Austria cite awareness of the economic consequences of cyberattacks as the main reason for investment in the past three years, with 23.4% (Germany) and 24% (Austria) respectively. Switzerland is even more aware in this regard, with 36% emphasizing that they have invested in cyber security due to potential economic damage.

Ransomware and digital transformation

The second most common reason for the expansion of IT security in companies in all three countries was the increasing threat of attacks such as ransomware. This aspect was emphasized by 21.4 percent of respondents in Germany, 20 percent in Austria and 28 percent in Switzerland - once again the most.

Another key motivation for strengthening the protection of IT systems is the digital transformation in companies. It ranks third in all three countries as a reason for investing in cyber protection, with 18.4% of German bosses, 14.9% of Austrian bosses and 20% of Swiss bosses.

Legal or insurance requirements subordinate

Compared to the main motives for investing in cyber protection, aspects such as cyber insurance requirements (Germany 2 percent, Austria 4 percent, Switzerland 4 percent) or applicable IT and cyber protection laws such as GDPR or NIS II were less important. The latter aspect was mentioned by 8% of respondents in both Germany and Austria, while it was not included in the survey in Switzerland.

State-initiated cyberattacks bring up the rear, 10 percent have not invested at all

Very few respondents state that protection against state-initiated cyber attacks was a motive for expanding IT security - in Germany this is 2.5 percent, in Switzerland 2 percent and in Austria this aspect is not even mentioned by anyone.

Despite the constantly increasing threat situation, some companies have stated that they have not strengthened their cyber protection in the past three years. In Germany, 10 percent of respondents, in Austria 14 percent and in Switzerland 6 percent have not done so.

Although the minority say they have not worked on better security in recent years, Michael Veit, Security Evangelist at Sophos, believes that it is a failure if every company does not invest in its cyber protection. "Companies must be aware that investments in IT security must no longer be seen as a cost factor, but as (over)life insurance," he says. "If you don't take this to heart, you can count down until your own business operations are paralyzed by a cyber attack."

Source: www.sophos.com