Statistics Austria: One out of Ten Companies Takes No Measures to Improve IT Security

The rapid digitization in recent years has brought companies many opportunities and benefits – but also security risks. 91% of companies with ten or more employees are therefore apt to implement security measures. The most common measures taken include data backups to storage media, regular software updates and maintenance, as well as strict password authentication for programs. Nearly all large companies with 250 or more employees apply these measures.

While about 73% of large businesses implement such measures, only 51% of medium-sized (between 50 and 249 employees) and 28% of small (10 to 49 employees) companies do so. Biometric user identification and authentication methods (such as fingerprint scans, voice or face recognition) are used by just 9% of all companies, though the trend here also shows that large companies are more inclined to use these methods than smaller ones: 22% of large, 13% of medium-sized and 8% of small businesses use biometric methods for user identification.

In order to prevent the improper use of information technologies, it is important to educate employees on the matter of IT security. More than half of companies (53%) use contractual agreements or declarations of commitment. Again, the company size plays a role here. While 88% of large companies make use of such contractual agreements, the number drops to 71% for medium-sized companies and to 50% for small companies. 9% of companies provide voluntary training opportunities to their employees or make information on IT security available. 22% of companies hold mandatory training courses or distribute compulsory educational materials to their employees.

Every third business (36%) has manifested measures, methods or procedures for IT security in written form (small businesses: 32%; medium-sized businesses 56%; large businesses: 82%); and yet 78% of these companies have created or revised such security documents within the last 12 months and are constantly striving to keep these up to date.

Training your employees is an important first step in reducing the security risk they may pose. An even more effective measure to protect sensitive company data is to centrally manage and update the access rights of your IT users. Do this in accordance with the principle of least privilege, which means that only access rights are assigned to employees which they need to perform their duties. This will prevent data theft by insiders and minimize the damage in the event of an attack. An employee who has many access rights may fall victim to cyber criminals who use his or her accounts to gain access to crucial systems and data.

Find out more about access management and our software solution here.

Sources (only available in German):

• Nine out of ten companies take measures to improve IT security