No match found
Since the beginning of the Covid-19 pandemic and the war in Ukraine, the number of cyber-attacks has significantly increased, raising awareness about cyber security in Germany. Both public and private organizations are now increasing their spending on cyber security measures to close vulnerabilities and strengthen their cyber defenses. However, preventive cyber security measures are often too narrowly focused on specific forms of attacks. Organizations neglect the overall establishment of formal information security frameworks as they undervalue their effect.
For this study, we surveyed approximately 500 employees from both public and private sector organizations. We focused on top-level management positions as well as IT related employees of German large-scale corporations, SMEs, and public organizations.
Selected highlights of the report:
71% of participants experienced an increase in cyber-attacks on their IT-infrastructure since the beginning of the Covid-19 pandemic (59% since the beginning of the Ukraine war). As a result, most organizations experienced up to 10 critical cyber-attacks over the last 12 months and 30% of the participants even more (>10). This contributed to raising cyber security awareness in Germany, as participants across the public and private sector report an increase of cyber security measures within their organization to address vulnerabilities and boost cyber defense in the light of current crises. At the same time, the vast majority of both the public and private sector see defending the German economy against cyber-attacks as a joint task.
The most commonly perceived cyber risks for German organizations are evolving around the technologies rolled out at scale during the Covid-19 pandemic: Remote working solutions and the usage of cloud computing solutions. This is the case as solutions are situated outside of the companies’ physical boundaries. IT-departments thus can only exert limited influence and strongly rely on third party assurances respectively.
When dealing with cyber security challenges, both the public and private sector rely on a mix of internal and external competencies. The private sector has more internal capabilities than the public sector, yet both sectors are struggling to attract cyber security specialists – with rising demand indicating an ever-fiercer competition. In this battle of talent, the private sector is better positioned to attract skilled professionals and build up the associated competencies with more competitive salaries and benefit packages. Hence, the scarcity of cyber security talent, particularly in the public sector and mid-sized companies, calls for strategic talent acquisition and potential regulatory adjustments.
Insufficient automated information exchange between public and private sector is considered the biggest pain point, leading to potential delays in addressing such threats. Real-time information exchange is widely acknowledged for its effectiveness in coordinating countermeasures and improving preparedness for future attacks.
Feedback from both public and private sector indicate a shared wish for more collaboration, recognizing the complementary skillsets each other bring to the table. To effectively tackle pressing cyber security challenges, organizations must prioritize and establish robust cross-sector cooperation, leveraging the mutual desire for collaboration and realizing the potential benefits. By bridging the current information exchange gap, both sectors can collectively enhance preparedness and resilience, ensuring enhanced cyber security measures for Germany's digital landscape.
Andreas M. Lang, Mailin von Knobelsdorff, Dr. Christopher Stahl, Tobias Eckers, Paul Henning, Janik Dienst and Janis Wendland co-authored this report.