Cyber Security in Germany

Insights into the current threat landscape, and future fields of collaboration between the public and private sector


Public and private sector must advance their collaboration to jointly strengthen Germany’s cyber resilience

Since the beginning of the Covid-19 pandemic and the war in Ukraine, the number of cyber-attacks has significantly increased, raising awareness about cyber security in Germany. Both public and private organizations are now increasing their spending on cyber security measures to close vulnerabilities and strengthen their cyber defenses. However, preventive cyber security measures are often too narrowly focused on specific forms of attacks. Organizations neglect the overall establishment of formal information security frameworks as they undervalue their effect.

For this study, we surveyed approximately 500 employees from both public and private sector organizations. We focused on top-level management positions as well as IT related employees of German large-scale corporations, SMEs, and public organizations.

Selected highlights of the report:

  • >90% of respondents consider cyber defense a joint private-public responsibility
  • 44% of participants plan to invest more in their cyber security capabilities, while 32% want to maintain their investments on the current level even in the face of increasing threats
  • The private sector generally considers the effectiveness of public-private cooperation to be much lower than its counterpart. The perceptions diverge most severely regarding employee cyber security trainings, defense on cyber-attacks and assistance with cleanings or restorations of IT-systems
  • 40% of all organizations rely on a mix of internal and external competencies when it comes to cyber security, given the ongoing challenges in developing own capabilities in this field. Despite the private sector being better equipped with internal resources, both sectors face difficulties in further enhancing their cyber security capabilities
  • Remote work is named as the number one risk, even though the most common form of observed attacks continue to be indiscriminate and simple ‘bulk’ attacks

Register here to download

How the increase of cyber-attacks raised cyber security awareness

71% of participants experienced an increase in cyber-attacks on their IT-infrastructure since the beginning of the Covid-19 pandemic (59% since the beginning of the Ukraine war). As a result, most organizations experienced up to 10 critical cyber-attacks over the last 12 months and 30% of the participants even more (>10). This contributed to raising cyber security awareness in Germany, as participants across the public and private sector report an increase of cyber security measures within their organization to address vulnerabilities and boost cyber defense in the light of current crises. At the same time, the vast majority of both the public and private sector see defending the German economy against cyber-attacks as a joint task.

Most prevalent cyber risks and attack types

The most commonly perceived cyber risks for German organizations are evolving around the technologies rolled out at scale during the Covid-19 pandemic: Remote working solutions and the usage of cloud computing solutions. This is the case as solutions are situated outside of the companies’ physical boundaries. IT-departments thus can only exert limited influence and strongly rely on third party assurances respectively.

Ranking of cyber security risks (named by %)

1. Home office/remote work
2. Cloud computing
3. Increased use of mobile devices
4. Unencrypted communication
5. Organizational social network activities

The lack of specialists and its consequences on internal cyber security skills

When dealing with cyber security challenges, both the public and private sector rely on a mix of internal and external competencies. The private sector has more internal capabilities than the public sector, yet both sectors are struggling to attract cyber security specialists – with rising demand indicating an ever-fiercer competition. In this battle of talent, the private sector is better positioned to attract skilled professionals and build up the associated competencies with more competitive salaries and benefit packages. Hence, the scarcity of cyber security talent, particularly in the public sector and mid-sized companies, calls for strategic talent acquisition and potential regulatory adjustments.

Status quo of public and private sector cooperation

Insufficient automated information exchange between public and private sector is considered the biggest pain point, leading to potential delays in addressing such threats. Real-time information exchange is widely acknowledged for its effectiveness in coordinating countermeasures and improving preparedness for future attacks.

Public sector
Private sector

Feedback from both public and private sector indicate a shared wish for more collaboration, recognizing the complementary skillsets each other bring to the table. To effectively tackle pressing cyber security challenges, organizations must prioritize and establish robust cross-sector cooperation, leveraging the mutual desire for collaboration and realizing the potential benefits. By bridging the current information exchange gap, both sectors can collectively enhance preparedness and resilience, ensuring enhanced cyber security measures for Germany's digital landscape.

Andreas M. Lang, Mailin von Knobelsdorff, Dr. Christopher Stahl, Tobias Eckers, Paul Henning, Janik Dienst and Janis Wendland co-authored this report.

Contact us

Prof. Dr. Rainer Bernnat

Prof. Dr. Rainer Bernnat

Partner, Strategy& Germany

Dr. Germar Schröder

Dr. Germar Schröder

Partner, Strategy& Germany

André Glenzer

André Glenzer

Partner, Cyber Security & Privacy, PwC Germany

Tel: +49 160 94470376

Lucas Sy

Lucas Sy

Director, Strategy& Germany