CyberDirekt Study: Catch-up Potential in German Cyber Security

A recent study by CyberDirekt, conducted together with the Düsseldorf-based research institute INNOFACT, shows that many German companies are still underestimating the risk of cyberattacks. Although cyber threats are widely covered in the media, almost 42 percent of the surveyed companies have not yet adequately addressed the issue. Around 70 percent even stated that they do not currently feel threatened.

The representative study “CyberDirekt Risk Situation 2022” examined how small and medium-sized enterprises (SMEs) in Germany deal with cyber security. In December 2021, 511 decision-makers from e-commerce, retail, construction, services and IT companies were surveyed via an online questionnaire. The goal: to understand current levels of awareness, protection measures and perceived threats.

Significant Catch-up Potential

More than one in four companies (27 percent) reported having been the victim of at least one successful cyberattack within the past two years. The average financial loss per incident was approximately €193,700. E-commerce businesses were hit particularly hard — almost 46 percent of respondents in this sector experienced attacks.

Across all industries, the greatest concern was the complete failure of internal IT systems. In retail, 70 percent of respondents feared total system downtime; in e-commerce, that number rose to 71 percent. Despite these figures, nearly half of all companies surveyed have not implemented comprehensive cyber protection strategies, and a majority still underestimate their actual exposure to digital risks.

Biggest Sources of Cyber Risk

The study identified weak passwords (57 percent) and the use of public Wi-Fi networks (48.6 percent) as the most common vulnerabilities in daily operations. Just over half of the surveyed companies (51 percent) regularly change passwords, and three out of four (75 percent) rely on up-to-date antivirus software. However, only a quarter (25 percent) conduct regular phishing simulations to train employees against social engineering attacks.

These findings highlight a critical gap between awareness and action. Many businesses recognize the risks but lack structured security processes and employee training. Strengthening cyber resilience requires both technological protection and continuous education within the organization.

Further reading: Device trust in times of cyber threats

Source: CyberDirekt Risk Situation 2022
