Security Awareness

Security Awareness in German Companies

There are still many people and companies whose security awareness leaves a lot to be desired. Especially when people think that there is no reason for cybercriminals to attack their own data, data protection is often neglected. But that opens the door to cyberattacks, because anyone can become a victim.

The damage caused by a lack of security awareness

Security awareness means being aware of the dangers posed by cybercrime. This danger affects us all, even if we think we have nothing to hide or no useful data that criminals can do anything with. But that couldn’t be further from the truth.

Cybercriminals don’t always deliberately choose their targets. Attacks are often scattered, which means they can hit anyone.

Between the years 2016 and 2021, for example, global phishing attacks increased from about 19,000 to a whopping 323,972. And those are just the attacks that were reported. Who knows how many affected people didn’t even notice an attack or didn’t report it.

In general, the email inbox is one of the biggest security vulnerabilities. Phishing emails, viruses, Trojans and all other threats are sent by mail. Once the wrong link or attachment is opened, the data is no longer protected.

In Germany alone, ransomware causes more than 25 billion euros in damage every year. In 2021, criminals made and got away with over 500 billion euros in ransom demands related to cyber attacks, according to statistics.

So an attack by ransomware can be very expensive. In over 50 percent of cases, it causes damages of over 10,000 euros and can go as high as 100,000 euros. In almost 80 percent of cases, it can even cause damage of up to 1 million euros.

German companies in the focus of cybercrime

The most widespread type of cyber attack is phishing. Over 60 percent of successful attacks are carried out in the form of phishing.

German companies are in some way in the spotlight here, as their protection still leaves much to be desired in 2023. Security awareness should be omnipresent. After all, we keep hearing about successful attacks and the criminal methods are always evolving to cause even more damage.

In a survey of employees from various companies in different industries, it was found that, at best, they considered their companies to be moderately competent when it came to IT security. In many cases, the assessment was even lower.

Irrespective of the size of the company, the employees are largely of the opinion that the protection of data is very much in need of improvement. It also emerged that there is a lack of specialist IT staff in particular, or that some companies, especially smaller ones, do not have an IT department at all.

A lack of expertise on the part of employees also plays a role here, because IT security comes precisely from training employees in this area. Instead, in many companies, passwords are handled carelessly or e-mails are opened thoughtlessly, even if they may contain dangerous content.

So there is still a lot of work to be done before security awareness in German companies reaches a level that makes attacks by cybercriminals less successful. But it would make sense to start expanding protection now, because otherwise you will be left behind in the long run.


Security awareness in German companies, but also among private individuals, must be expanded. Hackers sometimes have an easy time phishing German companies’ data because they do not take data protection seriously enough. The statistics show that attacks are increasing, but security is not being increased. This is definitely the wrong direction of development. Crime never sleeps and criminals are always developing new methods to get at companies’ data. Those who don’t act now will fall by the wayside in the long run.