SME sector strengthens data protection and IT security as it takes steps towards greater digitalisation

Frankfurt am Main (ots) -

  • Protective measures implemented by 85% of companies
  • More is needed: only one in two firms believe they have sufficient protection in place
  • One third of SMEs reporting security incidents

Modern technologies and digital networking afford SMEs a broad range of development prospects while confronting them with new challenges at the same time: it has never been more important to protect existing data and secure the company's own IT infrastructure. Small and medium-sized enterprises (SMEs) in Germany are well aware of this fact. Between 2013 and 2015, the majority (85%) took steps to improve IT security and data protection, as revealed by a special survey conducted by the representative KfW SME Panel.

"The digitalisation of business processes will continue to increase rapidly, with new technologies coming along all the time. This means that IT security and data protection require constant action on the part of entrepreneurs. It is essential for a company to invest in protecting itself in order to remain competitive", explained Dr Jörg Zeuner, KfW Group's Chief Economist.

Comparatively inexpensive measures that can be implemented easily, such as software (e.g. anti-virus programmes, firewalls), are by far the most frequent choice when it comes to investment. By contrast, more sophisticated security precautions like backup systems and encryption technology play a significantly smaller role. It is primarily larger SMEs with more than 10 employees that consider comprehensive and capital-intensive measures such as employee training or structural modifications (e.g. access control, alarms). SMEs are reluctant to appoint relevant IT specialists on a permanent basis. Just 7% of those surveyed had taken on such staff. The expense involved is the most frequent reason given by SMEs for not protecting themselves better. This reflects the view that data protection is a cost burden but does not contribute to revenues. However, insufficient time to focus on IT security and data protection is another reason given. As a result of this, 55% of SMEs consider their companies to be adequately protected, according to analysis by KfW. This also means that at present nearly half of all companies believe they are not well enough protected.

The KfW SME Panel also reveals that the measures adopted by the firms are necessary. One in three SMEs in Germany were directly affected by attacks on their IT security or data between 2013 and 2015. Another 35% harbour the suspicion that a cyber-attack occurred but are unable to prove this, meaning the number of unrecorded security incidents could be correspondingly higher. Damage to hard disks and other PC hardware was the most common result of those attacks that were identified, affecting 17% of SMEs. 9% of firms complain their corporate communication (e.g. e-mail correspondence) has been monitored, while another 16% at least suspect as much. 7% of SMEs report having lost important data irretrievably. The manipulation of payment flows and skimming of customer data, supply contracts or product secrets are less common phenomena, according to the latest analysis carried out by KfW Research, but are by no means an exception. Even smaller SMEs (31%) are overall more likely to be targeted by attackers than are medium-sized enterprises (25%).

"It is not at alls the case that only large corporations fall victim to data theft and attacks by hackers. Increasing levels of digitalisation are also rendering SMEs more vulnerable to attacks by cyber criminals", added KfW's Chief Economist Zeuner. "Our analysis demonstrates that the risks to which SMEs too are exposed should not be underestimated. It should be borne in mind that, in the space of three years, a third of German SMEs have experienced security incidents - that's over a million companies". Zeuner also pointed out the need to identify and plug security gaps, monitor legislation, implement new regulations and adopt new standards. "Ensuring employees possess the requisite specialist knowledge will play a decisive part in this. That's exactly where SMEs have a lot of catching up to do!"

Within the framework of the representative KfW SME Panel, KfW Research surveyed small and medium-sized enterprises regarding their experience with IT security incidents. You can view the detailed results of the analysis here:

Printable diagrams of the main results of the analysis can be found at:

Digital press kit:

Rückfragen & Kontakt:

KfW, Palmengartenstr. 5 - 9, 60325 Frankfurt
Kommunikation (KOM), Christine Volk,
Tel. +49 (0)69 7431 4400, Fax: +49 (0)69 7431 3266,
E-Mail:, Internet: