A key finding of the evaluation of numerous current studies is that companies are not lacking in awareness, but in implementation. According to Deloitte, 62 per cent of companies consider the topic of cybersecurity to be highly relevant, but only 39 per cent consider themselves sufficiently prepared. The fact that nearly one in two companies sees its existence threatened by cyberattacks is particularly critical (TÜV Cybersecurity study).
Press Releases
Dortmund |
Almost half of companies see cyberattacks as an existential threat
Cyber attacks, growing regulatory requirements and disruptive technologies are increasingly posing security-related challenges for companies. The new meta-study “Rethinking Security: Resilience, Compliance and AI as Future Factors” by adesso and Statista shows that companies wishing to remain competitive in the future will have to think strategically about cybersecurity – and make targeted investments in governance, resilience, compliance (GRC) and the secure use of new technologies.
Growing pressure to act
In view of European and national legislation, the pressure for action will continue to increase. With regulations like DORA, NIS2 and the Cyber Resilience Act, companies from almost all sectors will be obliged to professionalise their IT security, monitor and enforce processes more closely and implement resilience measures. However, according to KPMG, as of the start of 2025, not a single insurance company or bank had fully implemented the DORA requirements.
“The increasing complexity of regulatory requirements, the dynamic threat situation and technological change require companies to rethink IT security. Only an integrated GRC framework, flexible security concepts and a strong security culture can ensure that we use innovations safely, minimise attack exposure and ensure business continuity in the long term,” says Andreas Prenneis, Member of the Executive Board of adesso SE.
Andreas Prenneis is a Member of the Executive Board of adesso SE. (Source: adesso)
Modernisation meets growing safety requirements
While new technologies are becoming more widespread and the IT landscape is becoming more complex, the number of attack vectors is also growing. More and more companies are relying on hybrid IT and multi-cloud models for more data protection, scalability and flexibility – with all the associated opportunities and risks. The use of artificial intelligence can also pose risks – and not just as a tool to support attackers in new threat scenarios. By using unsecured or insufficiently tested AI tools in corporate processes, employees may open up new vulnerabilities that can be exploited by cybercriminals.
“It is crucial that companies always think about security from the very start,” says Etienne Dziomber, Business Unit Lead Information Security at adesso. “Modern IT architectures and cloud environments require flexible, holistic security concepts to minimise attack surfaces and ensure ongoing compliance.”
However, new technologies can also help with security. Modern security architectures such as “zero trust” and AI-supported protection enable significant efficiency gains. According to Forrester, 92 per cent of investments in zero trust models pay for themselves after just three years. Nevertheless, only 10 percent of companies are actively using AI to defend against cyber attacks.
Etienne Dziomber is Business Unit Lead Information Security at adesso SE. (Source: adesso)
The human weak point
The human being remains a key gateway for attackers. Untrained employees and shadow IT are still considered the biggest security risks in companies. It is not uncommon for employees to use IT services arbitrarily without oversight or the knowledge or consent of the IT department – including for AI – and transmit sensitive company data to external platforms in doing so. This increases the risk of data breaches, compliance violations and data leaks. Often, this is simply due to employee ignorance. According to the Bitkom survey, however, only 24 per cent of companies conduct regular security training.
The meta-study emphasises that security can no longer be an isolated IT topic, but must become an integral part of overall corporate strategy. Resilience is a clear competitive advantage. Companies with high digital resilience can avoid downtime and follow-up costs, or at least significantly reduce them. Only those that consistently implement regulatory requirements, invest in resilient structures and use new technologies responsibly can enjoy full digital sovereignty and remain capable of acting in the future.
Press service
Materials for media reports
With our press service, we provide you with various materials that complement our corporate news or serve as background information.
Do you have any questions?
Do you have any questions about our press service or a specific request? Please contact us.
Communications Manager Nils Roos +491704406148 nils.roos@adesso.de