The TÜV Association (Technical Supervisory Association) recently commissioned polling institute Ipsos to conduct a representative survey on the topic of IT security. A total of 503 companies with at least ten employees was surveyed.

The results were as clear as they were surprising: 47 percent of IT security managers, IT department heads and other persons in leading positions were in favor of enforcing stricter legal regulations to ensure that IT security is guaranteed.

IT security for all

TÜV chairman, Michael Fübi, did not anticipate such a definitive outcome: “Companies have cast a surprisingly strong vote for tougher regulations of IT security in the economic sector.”

Fübi has called for appropriate measures to be taken – by which he means that a minimum standard for IT security should be implemented across all economic sectors and not just for companies who are in charge of operating critical infrastructures, as was previously planned.

Increasing importance

The reasons for this unequivocal desire for stricter rules are obvious: for one thing, companies are aware of (and have experience with) a drastic increase in cybercrime; and, on the other hand, it is simply part of the digital transformation. 77 percent of companies surveyed stated that IT security had become increasingly important to them over the past five years.

Yet some companies still underestimate the importance of IT security. When asked about the important of IT security in their company, 14 percent responded that it plays only “a minor role or no role at all”.

While you’re here – why don’t you sign up for our webinar?

“Top 5 Risks in Access Management” –
held by Helmut Semmelmayer, tenfold Software GmbH

Sign up for free

While you’re here – why don’t you sign up for our webinar?

“Top 5 Risks in Access Management” –
held by Helmut Semmelmayer, tenfold Software GmbH

Sign up now

Costly security holes

The following figures from the study show that this approach could prove to be a grave case of misjudgment: 29 percent of those surveyed admitted that they had an IT security incident in recent years – and 13 percent of those occurred within the last twelve months.

The negative consequences resulting from these incidents come in various forms: 47 percent of those affected suffered financial losses and nearly every third company was temporarily unable to provide its services to customers. 12 percent reported damages to their image.

6 out of 10 lack necessary budget

Only 40 percent of companies surveyed claim to have a designated budget for IT security. In other words, not even every second company has the required monetary means to implement an adequate IT security system. And there is one statistic that is especially alarming: 32 percent stated that they are simply willing to accept “certain risks” as being part of their day-to-day business in the IT sector.

Conclusion

As our work environments are becoming more modernized and digital, the question of IT security is gaining importance. Some specialized fields have long understood this fact, though the true value of an effective IT security solution has not yet reached all top management levels to the full extent. The odd consequence is that, now, almost every other IT manager is yearning for governments to impose stricter regulations. Their hope is that companies will be forced to do what is good for them and finally improve their IT security once regulations are in place.