89 percent affected by data theft

The demands on cyber security in German companies are increasing rapidly. 92% of respondents see an acute need for action in view of geopolitical uncertainties and technological upheavals caused by artificial intelligence or quantum computing and want to further develop their security strategy in a targeted manner over the next twelve months. This is shown by the latest PwC study „Global Digital Trust Insights 2026“, for which business and technology managers from around 3,900 companies worldwide - including 262 from Germany - were surveyed.

Geopolitical crises in particular are exacerbating cyber risks. State actors and complex attack scenarios - such as targeted ransomware attacks on critical infrastructure or acts of sabotage - are forcing companies to rethink their cyber strategy. What is particularly striking is that organizations in Germany are increasingly focusing on diversification. 55% want to expand their cyber risk management, while 40% are considering changing the location of their critical infrastructure. 42% are planning adjustments to their commercial and operational policies, while 35% are considering relocating business activities or changing their security provider - the latter significantly more frequently than internationally (26%).

Germany in the crosshairs

The importance of such measures is underlined by the results of the PwC study: around nine out of ten German companies (89%) have been victims of data theft or misuse in the past three years. This puts Germany above the international average (82 percent). The financial consequences are often considerable: for 15 percent of German companies, the losses amounted to between 500,000 and one million US dollars (globally: 12 percent), for a further 26 percent even between 1 and 10 million US dollars (globally: 16 percent). „The new threat situation is forcing companies to rethink and adapt their cyber strategy. Cyber security is crucial for the future viability of the German economy. Companies should therefore not just react, but act with foresight,“ says Moritz Anders, Partner and Cyber Security and Privacy Leader at PwC Germany.

Risk of skills shortage

In German companies, there are clear uncertainties regarding new types of cyber risks that go beyond the global level: 32% feel inadequately prepared for attacks using quantum computing (globally: 26%). Attacks on networked products and devices (30%), cloud-related risks (28%), data breaches by third parties (28%), social engineering (23%), compromising the software supply chain (20%) and ransomware (18%) are also major concerns for German companies.

The ongoing shortage of cyber talent is further exacerbating the situation. More than half of German respondents (54%) therefore rely on AI and machine learning tools to compensate for vacancies. Further training and retraining (45%), managed services (42%) and traditional recruitment (41%) also play an important role. In order to strengthen their own resilience, 77% of German companies (global: 78%) are increasing their budgets for cyber security. In the previous year, this figure was 72%. More than a third (36%) are planning increases of between 6% and 10% over the next twelve months, while a further 28% intend to increase their budgets by up to 5%.

The focus is on spending on network security and zero trust (37%, globally: 28%), followed by investments in AI (29%) and cloud security (28%). Internationally, AI (36%) and cloud security (34%) are prioritized even more. It is particularly striking that just under a quarter (24%) worldwide invest specifically in proactive security measures, while only 15% do so in Germany. Instead, there is a strong focus on reactive approaches in this country. „Prevention must not remain a blind spot. For a strong cyber defense, it is crucial to identify vulnerabilities at an early stage and rectify them in a targeted manner,“ says Moritz Anders.

AI: opportunity and risk

The role of AI is growing - but not without risks. Last year, 67% of security managers reported that generative AI has significantly increased the attack surface for cyber attacks - this figure currently remains unchanged. In this context, they consider AI-based malware (53%), attacks on the supply chain (51%) and deepfakes (41%) to be particularly critical. A quarter of German respondents want to specifically use agent-based AI for strategy and business development - more than in an international comparison (19%).

Source: PwC