The study that was conducted on behalf of BITKOM is showing that many German companies have established some basic protection against cyber-attacks. Yet only a small portion goes beyond that and closes all of the important gaps. Of the over 1,000 surveyed all security administrators said that their companies have set up password protection on all devices, as well as firewalls and anti-virus software and 80% encrypt their network connection. But when it comes to data protection and attack detection most of the polled lag behind: Around 45% of the companies encrypt their data and only 40% of them use e-mail encryption. This is particularly troublesome since most companies use e-mail and other electronic methods to exchange and store sensitive information and data. BITKOM-President Prof. Dieter Kempf states that nowadays standard protection like anti-virus and firewalls are no longer enough to protect companies from cyber-attacks.
The basic measures are easy to implement in companies and cause little effort to the end user but what of the more challenging methods? This might be the reason why so many companies still haven’t implemented e-mail encryption in their basic protection – even though it is such a fundamental security gap. Most solutions out there are too complicated to use for the common end user, too complex to set up and still don’t solve the problem of transferring large files securely, now a common requirement. The result of this is so called ‘shadow-IT’ where un-approved insecure consumer grade cloud-storage combined with non-encrypted e-mails are the most convenient solutions for the end-user. Security administrators should aim to provide a solution that offers encryption for e-mails and large files while being easy to use for non-it staff and one that makes compliance and data protection easier for the company.