The global and independent platform for the SAP community.

Lack of resources complicates IT security

Although companies are aware of the threat of cyberattacks, many have little ability to take the necessary security measures.
E-3 Magazine
January 16, 2020
Lack of resources complicates IT security
avatar
This text has been automatically translated from German to English.

Cyber attacks have long been recognized as a serious threat by German companies. Nevertheless, the intensity with which these attacks are tackled differs, sometimes dramatically, depending on the industry and company size.

This is the conclusion of the "IT Security in SMEs" study conducted by DriveLock, in which over 200 companies with up to 1000 employees were surveyed on their IT security and experiences with past attacks. Small to medium-sized companies frequently stated that they were unable to take the necessary security measures.

Obstacles

While just under 40 percent of respondents in companies with up to 49 employees assign IT security top priority, more than two thirds of companies with between 500 and 999 employees do so. Martin Mangold, Vice President Cloud Operations at DriveLock, explains:

"The study clearly shows that the problem of cyber attacks is recognized as such. When it comes to implementing the necessary security measures, there are two particular obstacles, especially for small and medium-sized companies:

resources and expertise. The reason for this is that the role of IT security manager in these companies is often assumed by the management or the IT department. A dedicated role for IT security would go hand in hand with more time and expertise for IT security issues."

This also becomes clear in the study. In companies with up to 50 employees, a dedicated IT manager is responsible for security in only 41 percent of cases. This task is often still the responsibility of the management.

"Of course, the necessary specialist staff cannot be replaced. Nevertheless, IT departments can be given a powerful tool to relieve their workload. The most common gateway for attacks is the internal user, whether through targeted social engineering attacks or carelessness.

With our maxim for data security 'Never trust, always verify', we minimize every external and internal security risk. This relieves the burden on IT departments in the long term and allows small and medium-sized companies to develop the necessary security structures"

adds Mangold.

"Hidden champions" are a popular target

Nowadays, small and medium-sized enterprises are no less exposed to the risk of cyberattacks than large companies. Germany is a popular target for cyber criminals, partly because of the so-called hidden champions from the SME sector - companies that are world market leaders in their niche.

These are often suppliers to large corporations and therefore represent an easier way for hackers to gain access to information from large companies.

For example, 61% of the study participants had at least one IT security incident in the past two years. Attacks often have consequences that threaten the existence of small and medium-sized enterprises in particular.

Nevertheless, only just under 40% of the companies surveyed plan to increase their IT security budget. Many large companies rely on cloud-based, managed services for protection and are mostly pioneers in this area.

Managed security services from the cloud are also a solution for small and medium-sized companies. The investment costs are low, IT employees are relieved and companies benefit from IT security that meets the latest technical standards.

This is why more and more smaller companies are open to security services from the cloud and can imagine using them in the future.

avatar
E-3 Magazine

Information and educational outreach by and for the SAP community.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 24, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.