November 7, 2023
Armis Research Finds German Cybersecurity Teams are Overwhelmed by Threat Intelligence Data and Unknowingly Overlooking Vulnerabilities
Two-thirds of assets connected to business networks are not completely controlled and managed, introducing critical cybersecurity gaps
MUNICH – November 7, 2023 – New research from Armis, the asset intelligence cybersecurity company, surveying cybersecurity and IT decision-makers found that two thirds (66%) of German companies lack complete control and management of the assets connected to their network, introducing critical cybersecurity gaps. Additionally, over a third (38%) of organizations in Germany reported feeling overwhelmed by threat intelligence data. These two figures for the region stood out in Armis’ research as the highest percentages in these categories of all countries surveyed globally.
Given escalating cybersecurity threats, German companies are growing increasingly concerned about their preparedness and security posture. Without holistic asset visibility and management capabilities, organizations lack the needed oversight to understand their environment and manage the complex and evolving attack surface. With a constant stream of intelligence data and no clear processes to analyze and prioritize the information, respondents indicated that cybersecurity teams are overwhelmed, resulting in less time to create a proactive security plan to prevent breaches.
“Over the past year, German organizations across all industries – and even the central government – have been targeted by malicious actors and related repercussions have had an impact at all levels of the business, “said Peter Machat, Regional Director for DACH, Armis. “To avoid these situations and confidently mitigate cyber risks moving forward, it’s essential that cybersecurity be seamlessly woven into every aspect of business with asset intelligence at the core of every organization’s tech stack.”
Key findings from Armis’ research, commissioned with Vanson Bourne, include:
German cybersecurity teams are monitoring only a subset of the organizations’ complex attack surface, and are overwhelmed with a constant stream of non-actionable threat intelligence with no clear plans to analyze and prioritize the information.
- German companies report approximately 47,000 physical and virtual assets are connected to their network on an average business day. And less than one third (29%) reported having complete visibility over company owned assets, the lowest percentage globally. A majority (91%) of respondents admit improvements are needed to the contextual visibility of their organization.
- Organizations in Germany cannot account for 47% of their asset attributes when it comes to knowing things like asset location or support status.
- Respondents from Germany on average rely on eight different sources to collect data relating to threat intelligence. Only 49% to 59% of the processes related to threat intelligence data are automated. This indicates that a substantial portion of the work required to leverage intelligence feeds requires a manual effort. Additionally, only 55% of the information gathered from threat intelligence sources is actionable.
- When examining the adoption of zero trust, Germany appears to lag behind other countries surveyed in this research, with only 6% of companies reporting full implementation and utilization of a zero trust model. This is notably lower than the global average of 25%.
The recent surge in threats and a history of successful cyberattacks has left German companies concerned about their preparedness and security posture.
- More than half (63%) of German organizations reported experiencing more threat activity in the first three months (January – March) of 2023 when compared to the last three months (October – December) of 2022.
- Almost half (49%) of German organizations acknowledged having suffered a breach as part of a cyberattack in the past 12 months. These breaches had significant consequences, with 41% of breached companies facing operational downtime, financial loss and/or stolen data.
- A significant majority (74%) of German organizations expressed a lack of complete confidence in their ability to effectively mitigate the impacts across all assets connected to their network when facing a cyberattack.
- Building security into the development process is currently the top challenge for German respondents.
“Companies must invest in technologies that can provide continuous contextual visibility into all connected assets, the exposures driving the highest potential for business impact, and signs of active threats attempting to exploit such exposures that could lead to a material incident.” said Curtis Simpson, CISO, Armis. “With the support of these continuous operational insights, ongoing prioritization efforts become straightforward. Only with an asset-centric approach to cybersecurity can companies truly protect the entire attack surface and effectively manage cyber risk with the business in mind.”
To read the full research report from Armis, including a global view of this data and comprehensive breakdown for each region, please visit: https://www.armis.com/attack-surface-management
To learn about how Armis Centrix™, the AI-powered cyber exposure management platform, is enabling organizations to address these critical cybersecurity challenges, please visit: https://www.armis.com/platform/armis-centrix/
Methodology and Demographics
Armis commissioned independent market research agency Vanson Bourne to conduct research into attack surface management within enterprise organizations. The study surveyed 900 IT security and IT decision-makers in May and June 2023 from organizations with 1,000 or more employees including 150 German respondents, and others across the U.S., U.K., France, Singapore, Australia and New Zealand. Respondents were from organizations across all public and private sectors. All interviews were conducted using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate.
About Armis
Armis, the asset intelligence cybersecurity company, protects the entire attack surface and manages the organization’s cyber risk exposure in real time. In a rapidly evolving, perimeter-less world Armis ensures that organizations continuously see, protect and manage all critical assets. Armis secures Fortune 100, 200 and 500 companies as well as national governments, state and local entities to help keep critical infrastructure, economies and society stay safe and secure 24/7. Armis is a privately held company headquartered in California.