Germany recorded a €4.61 trillion GDP in 2021, contributed mainly by established private firms and budding startups tapping into the developed economy.
However, such attractive numbers also make German brands, foreign companies in the region, and even the government, a target for cybercriminals.
What kinds of cyberattacks are most prevalent in Germany? How often are industries hit, and what is in place to prevent such attacks?
Find out everything you need to know in this Germany cybersecurity statistics piece.
Top 8 German Cybersecurity Statistics (Editor’s Pick)
- 46% of German companies experienced a cyberattack in 2021.
- 19% of private individuals in Germany fell victim to phishing attacks in 2022.
- New malware variant detections in Germany reached 10.1 million in January 2022.
- Flubot accounted for 37% of all botnet detections in Germany in 2022.
- The most significant recorded DDoS attack in Germany in 2022 lasted 228 minutes.
- 86.3% of German firms were victims of a web or mobile application attack in 2022.
- German firms allocated 10.8% of their IT budget to information security in 2022.
- The average cybersecurity specialist gets paid €63,000 annually in Germany.
Infographic
General Germany Cybersecurity Statistics
1. German companies were the second-least attacked across 17 surveyed countries in 2021-2022.
72.6% of German companies reported one cyber breach (at least) in this period.
That was only higher than Australia (62.5%), making Germany fare better than 15 other countries.
2. Over 3 in 10 German firms’ cybersecurity applications were delivered via cloud services in 2022.
While 31.3% of all cybersecurity frameworks across German firms were delivered via cloud services, it was still lesser than the global average (41.1%).
In fact, Germany only pipped China (30.9%) to avoid being last on the list comprising 17 countries.
3. 41% of German companies had comprehensive cyber insurance in 2022.
Likewise, another 40% had cyber insurance policies containing exclusions.
4. 46% of German companies experienced a cyberattack in 2021.
The number remained the same in 2022, according to data from over 900 surveyed German respondents.
5. Only 3% of German firms were at the "Expert" cybersecurity maturity level in 2022.
The majority (68%) were at the “Intermediate” level, while the rest (29%) were at the “Novice” level.
6. 29% of cyberattacks on German companies in 2020-2021 were traced to organized crime syndicates.
This was higher than 21% of organized crime-facilitated cyber hacks recorded in 2018-2019 or the 7% figure reported in 2017-2018.
7. 20,174 exploits were found in software products in Germany in 2022.
13% of these vulnerabilities were deemed critical. Likewise, the general number represented a 10% surge from software-related exposures declared in 2021.
8. 58% of German respondents feared a potential cyberattack on their companies in 2022.
91% of the respondents also believed there was room for improvement regarding the current cybersecurity landscape in Germany.
9. Almost 3 in 10 German companies were likelier to buy a cyber insurance plan after an attack.
27% of around 900 surveyed German brands purchased a cyber insurance plan or bolstered the one they had after experiencing a cyberattack.
10. 64% of German brands had cyber insurance in 2021.
By 2022, 3% more German brands joined the fold, pushing the total number of firms with cybersecurity insurance to 67%.
Germany Consumer & Private Individual Cybersecurity Stats
11. By 2022, 29% of German consumers had already suffered a cyberattack.
1 in 4 (25%) respondents fell victim to e-commerce fraud. Another 25% suffered an account breach, and 24% experienced malware infestation.
12. 19% of private individuals in Germany fell victim to phishing attacks in 2022.
But this was a growth from 25% of individuals in the same position in 2021.
13. 53% of German consumers used antivirus software for improved cybersecurity in 2022.
52% of surveyed respondents switched to secure passwords, and another 44% went for updated firewall systems.
14. 38% of German consumers used 2FA to secure their accounts against cyber breaches in 2022.
34% also mentioned updating their systems regularly to prevent software exploits.
Germany Cybersecurity Demography Statistics
15. Globally, Germany was the fifth most affected country by stalkerware in 2021.
About 1,012 users were affected by this cyberattack in 2021. That puts the country behind India (2,105), the USA (2,319), Brazil (4,807), and Russia (7,541).
16. Germany was the most attacked region by stalkerware in Europe in 2021.
With over 1,000 incidents of stalkerware in the year, Germany led the second (Italy – 611 incidents) by almost 40%. In third place was the UK, with 430 incidents for the year.
17. 43% of cyberattacks on German companies in 2020-2021 originated domestically.
Another 37% of these attacks were believed to come from other Eastern European countries, while China had a hand in 30%. Respondents also identified Russian attackers in 23% of cases.
18. Almost 100% of German companies implored the government for more decisive actions against foreign cyberattacks in 2021.
With 99% of respondents in this category, another 94% pushed for bigger funding to protect remote staff. Likewise, 85% wanted the government to implement measures protecting businesses against cyberattacks.
Germany Malware Attack Statistics
19. New malware variant detections in Germany reached 10.1 million in January 2022.
This was the highest over the first five months of 2022, followed by May (8.7 million detections) and April (8.4 million detections). New malware variant detections remained at 8.1 million in February and March 2022.
20. 31% of German brands suffered a malware-related cyberattack between 2020 to 2021.
Denial of Service (DoS) attacks came in second, accounting for 27% of attacks in that period. Social engineering attacks such as spoofing and phishing were reported by 20% and 18% of the surveyed companies, respectively.
Additional Reading:
Germany Ransomware Attack Statistics
21. 96% of German firms believed they were at risk of ransomware attacks in 2021.
Another 95% of respondents were most wary of zero-day exploit attacks, while spyware attacks were the primary concern among 83% of respondents.
22. 300 or more German firms suffered ransomware data leaks in March and April 2022.
300 companies suffered data leaks from ransomware attacks in April 2022, while slightly above 300 were in the same shoes in March. These two months saw the highest ransomware-related data leaks in the first five months of 2022.
23. Conti was responsible for 700 ransomware-related data leaks from Germany-based companies in 2022.
The Lockbit ransomware came second against 500 data leak victims in the same period, followed by Pysa (300) in third. Revil and Maze were notable additions, accounting for just under 300 data breaches and leak attacks on German companies.
24. Globally, Germany accounted for 4.71% of ransomware attacks in Q1 2022.
By Q2 2022, Germany’s share of global ransomware attack incidents surged to 6.46%, declining to 4.62% by Q3.
25. 6 in 10 German companies suffered ransomware attacks between 2021 and 2022.
However, it performed better than China, the most attacked region, with almost 90% of Chinese companies falling victim to ransomware attacks.
Of the total 17 countries surveyed, Germany was 14th, only ahead of Colombia (53.1%), Mexico (45.5%), and Turkey (44.9%).
26. In 2022, 61% of surveyed German firms experienced data encryption during a ransomware attack.
The industry average for such attacks was 65%, putting Germany at the lower threshold.
Germany Botnet Attack Statistics
27. Flubot accounted for 37% of all botnet detections in Germany in 2022.
Data collected from January to May 2022 also showed that ArrkiiSDK was detected in 13% of cases, while Qsnatch and Triada botnets appeared in 10% (each) of detections.
The top botnet family detections in Germany in this period are outlined in the table below.
Botnet Family | Detection Frequency |
---|---|
Flubot | 37% |
ArrkiiSDK | 13% |
Qsnatch, Triada | 10% |
Triada | 10% |
Cooee | 5% |
Zeus | 4% |
Androidbauts | 4% |
GinkgoSDK | 4% |
Pirrit | 4% |
Andromeda | 3% |
28. Bad bots generated 39.6% of all internet traffic in Germany in 2021.
Only 2.9% of web traffic in the year was generated by good bots, while the rest (57.4%) was human-generated traffic.
Germany Spam & Phishing Attack Statistics
29. 36% of spam emails in Germany in 2022 perpetrated blackmail and extortion-based cyberattacks.
Another 33% were related to email scams and frauds, with only 16% being advertising spam.
30. Germans experienced 4.5 spam emails per legitimate email in February 2022.
In other words, users would get 45 spam emails for every 10 legitimate emails.
This marked the highest ratio of spam emails to legitimate emails across Q3 2021 to Q2 2022.
Month (2022) | Spam Mail to Legitimate Mail Ratio |
---|---|
January | 1.9 |
February | 4.5 |
March | 1.3 |
April | 1.7 |
May | 0.9 |
31. The German government intercepted 34,000 malware-infested emails in its network monthly in 2022.
Likewise, the government’s network admins restricted access to 78,000 malware-related websites.
32. 9 in 10 email frauds in Germany in 2022 impersonated banks and other financial institutions.
This was as 69% of all spam emails in the reporting period were used to perpetrate cyberattacks of different scales.
33. German companies averaged 16 spoofing attempts in 2021.
The global average across surveyed companies was 10 related attacks in 2021, putting Germany above the mean point.
Additional Reading: 65+ Spam Statistics, Trends, and Forecasts
Germany DDoS Attack Statistics
34. The average DDoS attack in Germany (for 2022) consumed 684 Mbps of bandwidth.
The maximum measured attack surged to 290,000 Mbps, while a series of individual attacks reached 200,000 Mbps in the reporting period.
35. The most significant recorded DDoS attack in Germany in 2022 lasted 228 minutes.
This attack averaged 50,000 Mbps during its lifetime.
36. Across Q2 2021 to Q2 2022, the highest DDoS attack bandwidth in Germany was recorded in December.
DDoS attacks in Germany recorded a 950Mbps average bandwidth in December 2021. September also had a 900Mbps average, while attacks in October 2021 almost reached 900Mbps.
37. DDoS attacks in Germany averaged over 700Mbps bandwidth consumption in January and February 2022.
These represented the highest average attack bandwidths in the year.
Next up was April, when attacks averaged 500Mbps.
Additional Reading: 50+ Botnet Statistics (Updated & Fact-Checked)
Germany Cybersecurity Market Statistics
38. The German cybersecurity market revenue was $6.35 billion in 2022.
Security services accounted for the most significant share (at $3.62 billion), while cyber solutions comprised the rest ($2.74 billion).
39. Cybersecurity spending in Germany is expected to hit $10.47 billion by 2027.
Cyber solutions are projected to constitute a $5.5 billion share, leaving $4.98 billion to the security services sector.
40. German firms’ cyber solutions spending will exceed security services spending for the first time in 2026.
By 2026, cyber solutions spending will contribute $4.77 billion to the German cybersecurity market, slightly ahead of security services ($4.66 billion) for a cumulative $9.43 billion in revenue.
41. German companies will spend an average of $247.5 per employee in the cybersecurity market by 2027.
This was just $85.21 in 2016, leaping to $145.70 by the end of 2022.
42. Cyber solutions would overtake security services in average spend per cybersecurity employee from 2026.
By 2026, Germany would have a $111.9 average spend per cyber solutions employee. In contrast, the security services cybersecurity sector will see a $109.5 average spend, marking the first year (since 2016) that it dipped below cyber solutions.
Germany Cyber Breach & Attack Statistics
43. 18% of cyber-attacked German brands who lost digital data had their intellectual property stolen.
This data collected across 2020-2021 shows an 11% surge compared to 2018-2019 figures. However, communication data theft was the most prevalent (63% of companies affected) in this category.
44. 19% of data breaches against German brands in 2021 led to cloud service access information theft.
Hackers went after non-critical business data in 44% of cases, stole customer data in another 31%, and breached financial data in 29% of cases. In 19% of attacks, hackers went after critical business data.
45. 74.3% of German respondents believed their organizations would suffer a cyberattack in 2022.
Germany’s likelihood of a cyberattack puts it ahead of seven other countries (out of a surveyed 17) that believed a lesser chance of suffering a successful cyberattack in 2022.
The table below shows countries with more optimistic respondents than Germans.
Country | Share of Respondents |
---|---|
Italy | 74% |
Australia | 74% |
France | 70.8% |
Mexico | 63.6% |
Colombia | 60.7% |
Brazil | 55.9% |
Turkey | 38% |
46. 86.3% of German firms were victims of a web or mobile application attack in 2022.
Globally, German firms performed better than 15 other surveyed countries.
They only fared worse than Australia, with 84.8% of companies in the region suffering similar attacks.
47. 67% of surveyed German firms were hit by ransomware in 2021.
This was slightly higher than the global average (66%) obtained from data gathered across 31 countries.
48. 54% of German ransomware victims paid attackers in 2021.
But by 2022, the number of attacked firms paying the ransom dropped six points to 48%.
49. 41% of surveyed German brands experienced a social engineering attempt in 2021.
Hackers contacted 27% of the affected respondents via phone (vishing and smishing) while opting to send emails to 24% of the targets.
Additional Reading: 85+ Ransomware Stats, Trends, and Facts
50. 59% of German companies blamed work from home for increased cyberattacks in 2021.
Likewise, 24% of companies claimed cyber attacks from WFH models happened often.
51. 24% of German brands significantly increased their IT spending against WFH-induced cyber threats in 2021.
39% of surveyed brands only increased their IT spending marginally, while 33% retained the same IT spending as the previous year.
Additional Reading: 80+ Insider Threat Statistics, Forecasts, and Trends
52. 52% of critical infrastructure companies in Germany expected intensified cyberattacks in 2021.
Likewise, half (50%) of mid-sized Germany-based companies with 100-499 employees also expected an increase in the frequency of cyberattacks for the year.
53. 3.26% of initial access broker attacks in Q1 2022 targeted German companies and residents.
The number slightly increased to 3.62% globally in Q2 2022. By Q3, it improved slightly to 3.3%.
Germany Cybersecurity Financials & Budget Statistics
54. German firms allocated 10.8% of their IT budget to information security in 2022.
Globally, companies allocated 12.7% of their IT budgets to information security. Thus, putting Germany at the low end (16th out of 17 countries) of this spectrum.
55. German professionals expected a 3.2% increase in cybersecurity budgets from 2022.
This was less than the 4.6% mean annual cybersecurity budget increase across organizations in 16 other surveyed countries.
Overall, German firms were increasing their cybersecurity budgets by minor amounts.
Country | Cybersecurity Budget Increase |
---|---|
Germany | 3.2% |
Canada | 3.7% |
Italy | 3.7% |
UK | 3.8% |
Spain | 4.1% |
56. German firms paid an average of $273,453 to ransomware actors in 2022.
In contrast, Japanese companies, the highest-paying region, averaged over $4.3 million in the same period. German brands also performed better than the global average of $812,360.
57. German brands spent 48% more to contain and recover from a ransomware attack in 2021 than in 2020.
These brands averaged $1.17 million in spending to remediate a ransomware attack in 2020. By 2021, the cost surged to $1.73 million.
58. The most significant cyberattack against a German firm in 2021-2022 cost $3.4 million.
Only 43% of German firms implemented a robust cyber resilience strategy in 2021, leaving the other 57% exposed.
59. The average cybersecurity specialist gets paid €63,000 annually in Germany.
Security engineers can earn up to €85,000, while Cybersecurity Analysts could take home as much as €77,000 annually.
Here are some of the top earners in the German cybersecurity industry as of 2023.
Position | Salary Range (€) |
---|---|
Security Engineer | 48k – 85k |
Cyber Security Analyst | 40K – 77K |
Cyber Security Engineer | 42K – 91K |
Chief Information Security Officer | 70K – 148K |
Information Security Manager | 64K – 123K |
60. German brands lost €223 billion to cyberattacks in 2021.
As of 2018-2019, German businesses lost €103 billion instead, showing a double-figure climb to 2021 highs.
61. German companies dished out over $300,000 in average ransomware payments in Q4 2021.
The figure was less than $150,000 in Q3 2021 and even lower in Q2 2021, representing a decline from over $200,000 in the first quarter of 2021.
62. German companies with annual revenue up to €9.99 billion paid CISOs more than companies with incomes up to €19.99 billion.
According to 2022 data, companies raking in €5 billion – €9.99 billion paid CISOs a median annual salary of €251,000. That was compared to €176,000 paid by brands generating between €10 billion – €19.99 billion yearly.
Likewise, the relatively smaller companies paid €58,000 in bonuses to CISOs, compared to €45,000 from the more prominent brands.
Germany Cybersecurity Talent Statistics
63. German technology and telecom companies paid their chief information security officers (CISOs) the most in 2022.
This industry paid CISOs a median annual salary of €294,000 in 2022, higher than the overall industry average of €220,000.
The median compensation across other selected industries in 2022 is broken down below.
Industry | Median Annual Pay (€) |
---|---|
Finance/Fintech | 135,000 |
Manufacturing/Energy/Industrial | 203,000 |
Technology and Telecoms | 294,000 |
Healthcare | 220,000 |
Consumer/Retail/Media | 276,000 |
Other Industries | 338,000 |
64. German technology and telecoms companies paid CISOs €69,000 median yearly bonuses in 2022.
This was the highest across the discernable industries, beating the average at €45,000. The healthcare industry came in second, paying CISOs median bonuses of €45,000 annually.
Notable Germany Cybersecurity Breach Statistics and Facts
65. A Saxony-Anhalt district suffered a ransomware attack's impact for over 8 months across 2021-2022.
The attack occurred on July 5, 2021, resulting in the declaration of a state of emergency on July 9, 2021. This state of emergency was lifted on February 2, 2022.
66. 400 German stores of a European consumer electronics retailer were hit by ransomware in 2021.
The November 2021 attack also took offline the ability to order, return or collect goods in the brand’s 1,000 stores across 12 other European countries.
The attackers demanded 50 million to release the company’s systems to it, down from an initially requested 240 million.
67. A ransomware encryption hack targeted Semikron in 2022.
Other sources claimed that the attack on this chip manufacturer was carried out using the LV ransomware, and hackers made away with over 2 terabytes of data.
Nein to Threat Actors
Germany is a lucrative European target for threat actors, but private firms, government establishments, and other relevant stakeholders are improving against the threat landscape. It is also good to see that Germans are paying ransoms lesser and lesser, discouraging hackers from continuing to see German brands as a sure payday.
But while you observe the cybersecurity trends in Germany, it is best to see how the rest of the world performs in comparison. So, check out these statistics on the African cybersecurity landscape to start.
- https://cloud.connect.isc2.org/cyberthreat-defense-report
- https://www.sophos.com/en-us/whitepaper/state-of-ransomware
- https://www.hiscoxgroup.com/cyber-readiness
- https://www.statista.com/outlook/tmo/cybersecurity/germany
- https://www.kaspersky.com/about/press-releases/2022_new-kaspersky-stalkerware-report-confirms-the-link-between-online-and-offline-violence
- https://www.payscale.com/research/DE/Skill=Cyber_Security/Salary
- https://www.bitkom.org/EN/List-and-detailpages/Press/German-business-losses-more-than-220-billion-€os-per-year
- https://www.bsi.bund.de/EN/Service-Navi/Publikationen/Lagebericht/lagebericht_node.html
- https://www.heidrick.com/en/insights/compensation-trends/2022-global-chief-information-security-officer-ciso-survey
- https://ke-la.com/wp-content/uploads/2022/10/KELA-RESEARCH_Ransomware-Victims-and-Network-Access-Sales-in-Q3-2022.pdf
- https://www.munichre.com/content/dam/munichre/contentlounge/website-pieces/documents/MunichRe-Topics-Cyber-Whitepaper-2022.pdf/_jcr_content/renditions/original./MunichRe-Topics-Cyber-Whitepaper-2022.pdf
- https://techcrunch.com/2022/08/03/semikron-hackers-encrypted-electric-vehicles/
- https://www.imperva.com/resources/resource-library/reports/bad-bot-report/
- https://www.mimecast.com/resources/ebooks/the-state-of-email-security-2022/