Detect cyber-vulnerabilities: Europe´s largest study on weak spots of information security in SMEs

VDS study

Data from 3,000 international companies participating in the VdS Quick-Check proves that SMEs are still inadequately protected against the increasing cyber-attacks. // Vulnerability analysis reveals the most serious need for improvement in the area of IT security management. // Advantage for medium-sized companies: especially in the worst rated security fields, even simple measures achieve a high level of protection.

Media reports about IT attacks not only on companies have become an almost daily standard. Experts agree that both the number and the destructiveness of those attacks will continue to increase: Cyber-crime is extremely lucrative, resulting in strong pressure to act for companies. Nevertheless, the conclusion of Europe´s most comprehensive study on safeguarding SMEs is: Insufficient protection. The VdS analysis of the IT security activities of 3,000 international companies was evaluated using a traffic light system – and for all core topics, these traffic lights are red. 

Background of the study

VdS supports the particularly threatened medium-sized companies with comprehensive protection services around the award-winning Cyber-Security guidelines VdS 10000, which are already among the top 3 standards implemented throughout Germany (BSI study). One of the services offered by Europe's largest institute for corporate security is the free Web-Quick-Check to quickly determine the individual degree of digital protection, including suggestions for optimisation. The anonymous data of 3,000 participating companies forms the basis of the VdS study on information security in SMEs. This figure makes it the most comprehensive analysis of this important topic in Europe.

Key findings

Highest protection values achieved by SMEs are in the fields of technology and prevention (both with 57% positive coverage), followed directly by the organisation of IT security with 56%. However, as in previous years, even these three figures are in the “red” range: highly vulnerable. Even far behind rank the activities of the companies subsumed under IT-management, e.g. measures such as outsourcing. Only 32% are well positioned here. Moreover, even topics that are no longer really new (such as cloud computing and the use of mobile devices) are not yet being dealt with systematically. A positive result of the VdS study is that the comparison with the previous year is improved in all core areas – but only by a maximum of 3%.

Among the individual measures most successfully implemented are regulations on decisive data protection (96% positive) and on the structured allocation of administrative access (88% positive). Problematic is that only 49% of the companies regularly check these accesses for their further necessity – highly threatening the last comparatively good value. Structured access allocation is a small step with a big impact on corporate security, blocking numerous opportunities for cyber criminals to harm a company and its employees from the outset. 

Recommendations to ensure protection: simple measures, great effect

“The conclusion is unfortunately quite clear: the valuable patents and processes of innovative SMEs are still far too easily open to cyber criminals,” summarises Markus Edel, Head of the VdS Cyber-Security Department, the findings of the study. “Of the 52 protective measures evaluated by the 3,000 companies, only one, data protection, is in the green. Annual losses running into billions – and with a strong upward trend – illustrate the enormous pressure to act.”

Edel´s recommendations based on the current results are as follows: “A major advantage for our threatened medium-sized businesses is that a great deal can be achieved with little money, especially in the poorest rated field, the management of IT security. Among other things, the contract with each IT outsourcing and cloud computing service provider should contain precise legal and security-related requirements and, of course, oblige them to fulfil those. In general, regular backups, as required by VdS 10000, are the most important protective measure. So Wannacry, Rapid and their even stronger relatives, who are sure to come, can let off steam as they please – their destruction is kept within very narrow limits. Even the simple structuring of access rights minimises the effect of each of the millions of malware programs wafting through the Internet. The training and sensitisation of employees is also crucial. Criminals will always come up with something new, which is why the holistic orientation of information security is so important. It is by no means just a matter for the IT departments, but a management task to be implemented holistically. Because like so many other studies on the subject, the largest one also confirms: We have to protect ourselves better, systematically, and quickly!”

The free Quick-Checks for fast status determination of information security (also especially for process automation technology) as well as for the General Data Protection Regulation (GDPR), including direct optimisation aids, are available at:

Caption Study: 3,000 participants make the VdS study on vulnerabilities of corporate information security the most comprehensive analysis of this important topic. Conclusion: despite a slightly positive trend compared to the previous year, the majority of the protective measures are still inadequate. The pressure to act is strong – and the study highlights key areas where to act first to achieve the greatest impact.

More information at

Adauga Comentarii

Basic HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id> <p> <br> <span> <img src alt height width data-entity-type data-entity-uuid data-align data-caption>
  • Lines and paragraphs break automatically.
  • You can align images (data-align="center"), but also videos, blockquotes, and so on.
  • You can caption images (data-caption="Text"), but also videos, blockquotes, and so on.
  • Only images hosted on this site may be used in <img> tags.

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
Atentie! Nu introduceti date personale in comentarii.




Carlos Velázquez, Marketing Director Roca

Credem ca ‘Smart’ poate fi cu adevărat inteligent, doar dacă îmbunătățește viețile oamenilor.

Carlos Velázquez, Marketing Director Roca

Marius IORDACHE, Sales Manager Heating & Water Heating Devices TESY Romania SRL

Vom continua să dezvoltăm capacitatea de producție astfel încât să atingem obiectivul ambțios de a fi în primii trei producători de boilere electrice în Europa în următorii 3 ani.

Marius IORDACHE, Sales Manager Heating & Water Heating Devices TESY Romania SRL

Horia Voicu, director AFRISO-EURO-INDEX SRL

Cu siguranţă inteligenţa artificială va reprezenta viitorul şi în domeniul aparatelor de măsură şi control.

Horia Voicu, director AFRISO Romania

Samuel Prodea, director general

"Scopul și provocarea majoră pe care am avut-o în 2018 a fost informarea corectă și educarea clienților, deoarece în România încă se fac multe improvizații în acest domeniu. Vrem să continuăm să specializăm meseriași în acest domeniu."

Samuel Prodea, director general

Top Categorii

Energie regenerabila

IEAS 2019