IT service providers first line of defence for smaller German firms
Small German companies are heavily reliant on IT service providers to help them with cybersecurity, while medium-sized firms are more likely to use specialist cybersecurity consultants, according to research carried out by insurer HDI Versichering, the German retail carrier of the Hannover-based HDI group.
The insurer carried out two studies on cybersecurity at small and medium-sized companies in 2022 and 2023, in partnership with market research company Sirius Campus.
A total of around 1,200 IT and insurance decision-makers from SMEs were surveyed, as well as self-employed people as part of the ongoing project.
Christian Kussmann, board member for companies/independent professions at HDI Versicherung, explained: “Across all companies, IT service providers are the most frequently mentioned source of information on the subject of cybersecurity. Their importance for the cybersecurity of small and medium-sized companies cannot be overestimated.”
Forty-nine percent of those surveyed cited IT service providers as a source of information on cyber topics. At 54% and 56% of those surveyed, the proportion of responses was roughly the same for medium-sized companies with up to 250 employees and for small companies with up to 49 employees.
But just 38% of small companies with up to nine employees cited IT service providers as a source of information. In addition, the media (36%) was cited as an important source of information in this segment. In larger companies, the media tends to play a secondary role in this regard, reported HDI.
The insurer added that medium-sized companies (50%) preferred specialist IT security consultants, just ahead of general IT service providers (47%).
“Many IT service providers also take action on their own initiative to inform companies about cyber risks. Thirty-seven percent of those surveyed stated that they had been actively approached about it by their IT service provider,” Kussmann said.
IT service providers also play a central role in the implementation of preventative measures, said the insurer. Some 41% of respondents stated that their IT service provider had advised them to implement preventive measures against cyberattacks. “However, there is also a dichotomy here: 47% each of small and medium-sized companies made this statement. For small businesses, only 27% agreed with this statement,” said HDI.
The survey found that 43% of medium-sized companies resorted to IT specialists at their cyber insurers to repair damage after a cyberattack. Small businesses tended to resort to other external IT specialists (46%). Fifty-five percent of small business owners relied primarily on their IT service provider.