Austria top and Norway bottom in Europe cybersecurity ranking

More European companies have integrated cyber risks into their risk management frameworks

Austrian and Dutch companies are the best protected against cyberattacks in Europe, while their peers in Sweden and Norway find themselves at the opposite end of the spectrum, according to a report by ESG rating firm EthiFinance.

The research also finds that cybersecurity preparation has increased for companies in the region over the past three years.

The study considers cybersecurity measures adopted by 2,321 companies in 2022 according to their own reporting. Some 6% were large corporations, 55% mid-sized firms and 39% SMEs.

EthiFinance also found that companies in Spain, Portugal, Ireland, Austria and France are the most exposed to cyberattacks and data breaches in Europe. In terms of sectors, industrials, consumption and financials face the higher levels of cyber risk.

Companies based in Austria received the highest average score at 86 out of 100, followed by the Netherlands (84), Ireland and France (both with 81).

Italy (77), the UK (76), Germany (74) and Spain (72) followed. At the bottom, Norwegian firms were awarded the lowest rating at 48, just below Sweden (51), Switzerland (53) and Finland (58).

The average score across all 16 countries analysed was 70, up from an average of 57 in 2020 and 65 in 2021, said EthiFinance.

The progress is particularly notable when looking at the share of companies that have integrated cyber risks into their risk management frameworks, which increased from 73% in 2021 to 85%. Among large companies, the ratio shifted from 82% to 91%.

EthiFinance based its ranking on criteria such as the integration of cybersecurity in risk management strategies, implementation of ISO 27000 norms and training for employees.

This year’s EthiFinance research shows that more than 80% of the companies analysed in Austria, the Netherlands, Luxembourg, Spain, Italy and Germany have ISO 27000 certifications for information security management systems.

However, in France only one out of every three firms is already certified. Real estate companies are less likely to seek certification, while utilities and IT firms are most likely to implement the standards.

Back to top button