Cybersecurity is highly relevant at management level

Among other things, the latest figures shed light on how C-level managers assess the relevance of cybersecurity in their own company against the backdrop of the increasingly dynamic threat situation posed by cyberattacks. The study was conducted for the third time by market research institute Ipsos on behalf of Sophos and follows on from the surveys conducted in 2022 and 2024.

Cyber protection is established - and remains important

A key finding of this year's study is that cyber protection is now firmly established as a strategically relevant topic for the vast majority of companies. When asked how the increasing headlines about state-organized cyberattacks influence their view of cyber protection, more than half of the respondents in Germany (56%) stated that the high media presence has not changed their view, for the simple reason that cyber protection has always been an important factor in corporate management. A similar view was expressed by 64% of respondents in Austria and 58% in Switzerland.

The results are consistent with previous years of the study: in 2024, 55% of German companies, 46% of Austrian companies and even 60% of Swiss companies rated cyber security as "very important" for their business relationships. In 2022, 32.3% of companies in Germany, 37.3% in Austria and 47.1% in Switzerland had already confirmed that the relevance of IT security had increased further. The long-term importance of the topic is thus clearly documented.

Nevertheless, the threat situation is causing uncertainty

Even though cyber protection is firmly established in corporate strategies, the latest figures show that the increasing media presence of state-sponsored cyberattacks is not leaving management unscathed. In Germany, 27.5 percent of managers feel unsettled by the headlines, in Switzerland the figure is 30 percent and in Austria it is as high as 36 percent. This shows that Concern in the face of sophisticated, partly state-sponsored attackers has reached the boardroom. And it is obviously heightening security awareness.

Increasing investments and growing demands on partners

Many companies have already responded to the more complex threat situation and invested in their cyber security measures. In Germany, 47 percent of the companies surveyed have expanded the protection of their IT systems in the past, in Switzerland 48 percent and in Austria as many as 60 percent.

In addition to internal measures, there is also a greater focus on external protection. However, the requirement for cyber security measures for business partners - i.e. in the supply chain - is currently still less present. Some companies have started to increase the requirements for their business partners within the supply chain. In Austria, 36 percent of companies have raised the requirements for their business partners within the supply chain and introduced corresponding standards, in Switzerland 22 percent and in Germany 16.5 percent. This clearly shows that cyber security is increasingly seen as a joint task, even across company boundaries.

"Cybercriminals are increasingly targeting the supply chain to infiltrate secure systems by taking advantage of smaller, less well-equipped suppliers and partners," comments Michael Veit, security expert at Sophos. Security expert at Sophos, commented on this development. "To ensure business continuity and protect increasingly complex and interconnected IT infrastructures, organizations need to develop and implement effective cyber security strategies and best practices. This requires collaboration not only with third-party vendors, but also with cybersecurity experts who can provide tailored solutions, advice and support to create the technical framework needed to protect the entire ecosystem and ensure regulatory compliance."

On everyone's lips: Few think the cyber security debate is exaggerated

Despite the omnipresence of the topic, some of those surveyed consider the discussion about cyber security to be exaggerated. However, this opinion is only expressed by a minority of managers: in Germany, only 10.5 percent of respondents hold this view, in Switzerland 6 percent and in Austria only 4 percent. The results underline the fact that the majority of managers are treating the issue with seriousness and foresight.

About the survey

On behalf of Sophos, Ipsos surveyed 200 C-level managers from various industries in Germany and 50 each in Austria and Switzerland on the topic of IT security in their companies in spring 2025.

Source: www.sophos.com