The number of cyber-attacks on companies is growing steadily every year. According to Bitcom e.V. , the German economy recorded a loss of €103 Billion due to cyber-attacks in 2018/2019. For comparison, in 2020/2021, the loss almost doubled and reached €223 Billion. Even though many companies heavily invest in cyber security infrastructure, they often ignore the most crucial part in the security chain – their employees.
With the digital transformation and new emerging technologies such as Cloud and IoT, the IT landscape has become increasingly complex. In addition, the cyber-attacks are getting more sophisticated through the shift towards identity attacks and the usage of psychological techniques to manipulate employees. In 41% of assessed companies, cybercriminals manipulated the employees to get access to sensitive customer and business data (Bitcom e.V.) Employees often lack the right cyber-security skills and knowledge to recognize different cyber-attack scenarios. Thus, with the rising number of cyber-attacks, well-skilled employees with a common understanding of the importance of security measures and a security mindset will lead to competitive advantage for a company in the future. Therefore, in addition to technical security measures (like Zero Trust, Information Protection), it is also important to invest in the employees to increase their cyber-security awareness and to protect your company in the long term.
Most companies are using security awareness training in order to increase security awareness among employees. However, such training alone cannot be successful as the target audience will struggle to apply and retain the knowledge. Therefore, a comprehensive cyber security awareness concept is necessary to develop also a security mindset and culture within companies.