Medium-sized companies are increasingly investing in vulnerability management

Ransomware, phishing, denial of service attacks: according to a recent study, 84 per cent of the companies surveyed are concerned about the security of their IT systems and see a further increase in the threat situation. For good reason, as companies are also concerned about outdated code, data theft by employees, inadequate protection of company networks and the use of unauthorised devices.

For their study, market research institute Lünendonk and auditors KPMG asked 100 CIOs, CTOs and CISOs about the reasons for increasing risks and cyber attacks. Even though the survey concludes that companies are plagued by the same concerns as those warned against by the BSI in its annual reports, most SMEs in Germany feel well protected and have a plan for recognising and defending against cyber attacks at an early stage. Together with the BSI, Greenbone has launched the SMP-Bund portal as an aid and contact point for this.

Despite everything: concerns among SMEs

38 percent of managers cite enlarging digitalisation as a fundamental cause of growing risks, while one in four see an increase in cybercrime. And one in five of those surveyed feared that the general political situation in the world, particularly the war in Ukraine, would have negative consequences for their own security. Just as many cited deficits in infrastructure and rapid technological progress in general as worrying factors.

Investment in vulnerability management

This has consequences: 90 per cent of those surveyed stated that they wanted to invest in security tools, with vulnerability management receiving the most attention: According to the study, nine out of ten small and medium enterprises want to invest more in identifying vulnerabilities. In second place are investments in access management, particularly in the areas of IAM (Identity Access Management) and PAM (Privileged Access Management). Eight out of ten companies state that they intend to invest in this area or are already doing so.

“Nine out of ten companies want to invest in Vulnerability Management, Identity & Access Management, Security Monitoring and Business Continuity in 2023 and 2024. The investment plans show an increase in the areas of cloud security and AI-supported cyber defence, among others”, say the authors.