How resilient are German companies to cyber threats?
Almost 92% of organisations have experienced cyber attacks
Hardly anyone who has read the recent cyber security headlines has any doubt that ransomware is the biggest malware threat at the moment. And Germany has been one of the main targets since 2015. Last year, it was the seventh most frequently attacked country by malicious emails. This is already an improvement on previous years, when Germany ranked even higher for malicious emails (2nd place in 2020).
The analysts at Comparitech, who focus on the topic of cyber security, published an article where they evaluated several studies and summarised the most important facts about the state of cyber security in Germany over the past year. Here is an excerpt of the highlights.
Germany as a prime target for malicious emails
Last year, 91.5% of German companies were affected by cyber attacks in some form, and 57% were specifically subject to ransomware attacks. An astonishing 74% of the ransomware attacks came via phishing emails, compared to 65% worldwide. The good news is that in almost a third of cases, German companies manage to block the ransomware attack before it succeeds. Of those that were unable to prevent the attack, 32% chose to pay the ransom to get their data back. That came at a high cost to them, considering that the median ransomware cost in Germany of $24,000 is the highest. And as practice shows, paying doesn’t always mean you get full access to your data again.
Hefty fines for data breaches
Along with being a magnet for email malware, Germany also reports one of the highest numbers of data protection breaches. The fact that Germany imposes the second highest fines for violations of the General Data Protection Regulation (GDPR) after Italy puts companies that fail to protect their data and their business at great risk of enormous financial losses. It is therefore striking that German companies spend only 10.8% of their IT budget on cybercrime prevention, with no discernible tendency for an increase.
This perhaps hints at why the level of cybersecurity in Germany was rated average – 44th out of 75 countries surveyed – and why it is still a lucrative destination for cybercriminals. These figures demonstrate that companies should really think about investing more wisely in strengthening their data security.
Action points for improving email security
Indeed, a high percentage (about 30%) of German companies have fully deployed security automation, but the pressure of being a favorite target of cyber criminals and of keeping up with constantly emerging threats indicates the need to increase it further. There are some key security measures that organisations need to take to prevent malicious attacks via incoming emails and data leaks through outgoing emails.
- Centralized security – Take the complexity out of security! A centralized email solution that unifies and automates cybersecurity protection mechanisms and rules takes the burden off employees, avoids mistakes and provides transparency and insight into security across the enterprise.
See iQ.Suite – an innovative email management solution that combines comprehensive features for advanced security, productivity and compliance.
- Anti-Malware – Reliable protection against known and unknown ransomware, phishing, viruses, Trojans, etc. is an absolute must. In fact, diversifying risk by using two or more scan engines will keep companies on the safe side.
See iQ.Suite Watchdog for malware protection with 4 integrated renowned scan engines.
- Spam protection – Spam is not only annoying, but also contains malicious links and attachments.
See iQ.Suite Wall for highly effective Spam filtering and content recognition.
- Protect your data – Credentials or personal data stolen through malware are not the only way data can be compromised. Data can also be leaked through outgoing mail.
- Encryption – Encrypting outgoing emails (especially those containing sensitive data) protects them from external interception or manipulation.
See iQ.Suite Crypt Pro for hassle-free server-based encryption and iQ.Suite PDFCrypt for efficient encryption, even when the recipient doesn’t have their own encryption software.
- Digital ID – The technical signing of emails with a digital ID confirms the identity of the sender and preserves the integrity of their data.
See iQ.Suite Crypt Pro for transparent key and certificate management.
- Data Leakage Prevention – Implement mechanisms that identify sensitive or private data in outgoing emails. Establish who has the right to handle such information and set internal rules to block emails from unauthorized employees containing such data. Detecting anomalies in sender behavior also increases prevention efficiency.
See iQ.Suite DLP as a comprehensive tool for identifying threats in outgoing emails.
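The Data Leakage Prevention rule described above, as an added sketch (not iQ.Suite code and not from the original article): it finds German IBANs in an outgoing message, confirms each with the ISO 13616 mod-97 checksum to cut false positives, and blocks the mail unless the sender is on an allow list. The allow list, the addresses and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: only these senders may mail bank details (hypothetical address).
AUTHORIZED_SENDERS = {"payroll@example.com"}

# Candidate German IBAN: "DE", 2 check digits, 18 more digits, optional spaces.
IBAN_RE = re.compile(r"\bDE\d{2}(?: ?\d{4}){4} ?\d{2}\b")

def iban_is_valid(iban):
    """ISO 13616 mod-97 check, so random 22-character strings are not flagged."""
    s = iban.replace(" ", "").upper()
    rearranged = s[4:] + s[:4]                      # move "DEkk" to the end
    digits = "".join(str(int(c, 36)) for c in rearranged)  # D -> 13, E -> 14
    return int(digits) % 97 == 1

def find_ibans(text):
    return [m.group(0) for m in IBAN_RE.finditer(text) if iban_is_valid(m.group(0))]

def check_outgoing(raw_message):
    """Return (verdict, hits) for one outgoing RFC 5322 message."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    texts = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True) or b""
            texts.append(body.decode("utf-8", "replace"))
    hits = find_ibans("\n".join(texts))
    if hits and sender not in AUTHORIZED_SENDERS:
        return "BLOCK", hits
    return "ALLOW", hits

# Constructed sample messages (not real mail); the IBAN is a public test value.
def sample(sender, body):
    return f"From: {sender}\nTo: partner@example.net\nSubject: Invoice\n\n{body}\n"

if __name__ == "__main__":
    iban = "DE89 3704 0044 0532 0130 00"
    print(check_outgoing(sample("intern@example.com", f"Pay to {iban}")))
    print(check_outgoing(sample("payroll@example.com", f"Pay to {iban}")))
    print(check_outgoing(sample("intern@example.com", "Ref DE88 3704 0044 0532 0130 00")))
```

A production filter would also need to inspect attachments and HTML parts, which this sketch leaves out.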