Germany is not sufficiently prepared for the rising number of cyber-attacks and lags behind other European countries when it comes to cybersecurity. An international comparison published amid a worrying rise in phishing cases revealed.
Read the original German story here.
Since 2021, phishing cases increased the most out of all types of cybercrime, rising sixteen-fold globally, according to a cybersecurity report published on Monday (11 September).
Instances of identity theft were the second-biggest increase, up threefold since 2021.
In Germany, however, this huge threat increase is barely being addressed, and it ranks 18th out of 61 and far behind France and Spain.
“This shows again that there is still a lot of room for improvement,” Valentin Weber, Research Fellow at DGAP’s Centre for Geopolitics, Geo-economics and Technology, told Euractiv.
“In particular, Germany needs to learn more from the international cyber heavyweights – such as the US, Israel, and the UK – to increase its capabilities,” he added.
Conflicting views on IT
“Cybersecurity in companies is not a small one-off project, but a major ongoing task,” Dr Vera Demary, a digital expert at the Cologne Institute for Economic Research (IW), told Euractiv.
According to the report, one in three employees in Germany aged 16-70 and working in companies of all sizes and sectors believe that IT security in a company is important, and 84% are also unwilling to work in a company where IT is not important.
“Fortunately, many companies recognise this: More than half of the employees in Germany surveyed for the report say that the issue is not taken lightly at their company,” said Demary.
At the same time, however, 62% of Germans would not want to work in a company where IT security is subject to too many rules and regulations. Two-thirds rated IT equipment and the competence of the IT department as positive, while only 1.5% thought companies should reduce their investment.
Demand for IT specialists is also generally higher in medium-sized and large companies (50 employees or more). The highest demand is for ‘security/IT security’, followed by ‘IT systems management’.
“However, finding suitable skilled workers is a particular challenge. The demand is huge, but there has been a shortage of IT professionals for years,” added Demary.
When it comes to recruiting these professionals, the main problems are inadequate skills and excessive salary demands, with only a small minority seeing no challenges in IT recruitment.
The mechanical engineering industry
For some sectors, however, it is not the numbers but the skills of the workforce that are lacking.
This is the case for the mechanical engineering sector, where 85% of mechanical engineers said there were enough IT specialists in the field, but the sector ranked third worst in terms of skills, coming 17th out of 20 sectors.
“This leads me to the conclusion that despite digitalisation and Industry 4.0, too little is being done for IT security competence,” Steffen Zimmermann, head of the VDMA’s competence centre for industrial security, told Euractiv.
According to Zimmermann, in the context of EU cyber legislation – the Network and Information Security Directive (NIS2) and the Cyber Resilience Act – “machine builders need to step up their efforts”.
While these EU regulations set security standards for networked devices as a prerequisite for strengthening cybersecurity in the EU, they also mean additional work for companies and authorities.
To ensure that Germany, as an industrial hub, has the necessary security expertise, Zimmermann suggests that cybersecurity should be compulsory in all engineering curricula at universities and colleges.
“The fact that 20% of the IT budget is spent on security, significantly more than in previous years, is a good development. However, I think this figure is far too high in the engineering sector. I would be happy if it were 12%,” says Zimmermann.
On the other hand, Weber recommends that the acute shortage of cybersecurity personnel be overcome by setting a strategic goal for Germany to become a more attractive location for the international cybersecurity industry.
(Edited by Oliver Noyan/Alice Taylor]
Read more with EURACTIV