Lack of resources complicates IT security

Cyber attacks have long been recognized as a serious threat by German companies. Nevertheless, the intensity with which these attacks are tackled differs, sometimes dramatically, depending on the industry and company size.

This is the conclusion of the "IT Security in SMEs" study conducted by DriveLock, in which over 200 companies with up to 1000 employees were surveyed on their IT security and experiences with past attacks. Small to medium-sized companies frequently stated that they were unable to take the necessary security measures.

Obstacles

While just under 40 percent of respondents in companies with up to 49 employees assign IT security top priority, more than two thirds of companies with between 500 and 999 employees do so. Martin Mangold, Vice President Cloud Operations at DriveLock, explains:

"The study clearly shows that the problem of cyber attacks is recognized as such. When it comes to implementing the necessary security measures, there are two particular obstacles, especially for small and medium-sized companies:

resources and expertise. The reason for this is that the role of IT security manager in these companies is often assumed by the management or the IT department. A dedicated role for IT security would go hand in hand with more time and expertise for IT security issues."

This also becomes clear in the study. In companies with up to 50 employees, a dedicated IT manager is responsible for security in only 41 percent of cases. This task is often still the responsibility of the management.

"Of course, the necessary specialist staff cannot be replaced. Nevertheless, IT departments can be given a powerful tool to relieve their workload. The most common gateway for attacks is the internal user, whether through targeted social engineering attacks or carelessness.

With our maxim for data security 'Never trust, always verify', we minimize every external and internal security risk. This relieves the burden on IT departments in the long term and allows small and medium-sized companies to develop the necessary security structures"

adds Mangold.

"Hidden champions" are a popular target

Nowadays, small and medium-sized enterprises are no less exposed to the risk of cyberattacks than large companies. Germany is a popular target for cyber criminals, partly because of the so-called hidden champions from the SME sector - companies that are world market leaders in their niche.

These are often suppliers to large corporations and therefore represent an easier way for hackers to gain access to information from large companies.

For example, 61% of the study participants had at least one IT security incident in the past two years. Attacks often have consequences that threaten the existence of small and medium-sized enterprises in particular.

Nevertheless, only just under 40% of the companies surveyed plan to increase their IT security budget. Many large companies rely on cloud-based, managed services for protection and are mostly pioneers in this area.

Managed security services from the cloud are also a solution for small and medium-sized companies. The investment costs are low, IT employees are relieved and companies benefit from IT security that meets the latest technical standards.

This is why more and more smaller companies are open to security services from the cloud and can imagine using them in the future.