Cyber Security Survey: Only One in Two Employees Believe Their Company is at Risk from Hackers

Although the potential threat from cyber-attacks is growing, the risk is still underestimated. According to a survey conducted on behalf of Lufthansa Industry Solutions (LHIND), every second employee in Germany believes that a cyber-attack on their company is unlikely. At the same time, the more than 1,000 employees surveyed admitted that their own carelessness and lack of knowledge are the biggest weaknesses in the fight against cybercrime. With this in mind, LHIND's latest white paper "Cyber security - from the NIS2 obligation to IT resilience" shows how companies can still manage to implement the NIS2 legislation, which comes into force later this year, on time.

Norderstedt, February 20, 2024 - "In the course of implementing NIS2, companies must put their systems and processes to the test. The goal is a robust IT architecture that ensures business operations and internal communication even in an emergency," says Christian Garske, Business Director IT Security & Privacy at Lufthansa Industry Solutions (LHIND). In the future, non-compliance with NIS2 could result in fines of up to 10 million euros or 2 percent of total global turnover. A special feature of the new directive is that CEOs and board members can now be held personally liable for possible violations.

Our survey of more than 1,000 employees reveals negligence in German companies and also shows that the actual threat situation is underestimated.

Christian Garske
Business Director IT-Security & Privacy atLufthansa Industry Solutions (LHIND)

Security expert Garske recommends a combination of technical solutions and raising employee awareness: "Our survey of more than 1,000 employees reveals negligence in German companies and also shows that the actual threat situation is underestimated. Two-thirds of respondents identified carelessness and ignorance as the biggest weakness in their company. Despite this, half of those surveyed consider a cyber-attack on their own company to be "unlikely".

However, neither employees nor management should be complacent. According to the latest figures from the industry association Bitkom, more than one in two companies in Germany will be affected by digital sabotage by 2022. The total annual damage already amounts to more than 200 billion euros. According to LHIND consultant Garske, this situation is likely to worsen in the coming years.

EU urges SMEs to rethink and act on NIS2

"The original NIS Directive of 2016 was a milestone, but it was aimed at large companies and critical infrastructure operators. However, as cybercrime threatens the stability of the entire economic system, the EU has extended the regulation to more sectors and company sizes," says Christian Garske.

As part of NIS2, mid-sized companies with 50 or more employees will also have to take more effective measures against IT attacks this year. According to Garske, this includes risk analysis, crisis management, data backup, access control concepts and employee training: "The responsibility for these measures can no longer be fully delegated to IT departments or service providers; management must take action itself and exercise its control functions."