      • Only 24 percent of companies achieve the highest level of cyber security maturity – even though 69 percent of large companies rate their maturity level as advanced or higher.
      • 44 percent cite a lack of transparency about their own IT landscape as the biggest challenge; 42 percent of smaller companies do not have a complete asset inventory. 

      • When it comes to digital identity management, only 20 percent achieve an optimized level of maturity; at the same time, 64 percent prioritize multi-factor authentication.

      • 49 percent already use AI in cyber defense, and another 32 percent plan to use it – however, more than half are still in the planning or implementation phase when it comes to protecting AI applications. 

      Berlin, February 24, 2026
       

      Cyber security is strategically anchored in German companies. Large companies in particular consider themselves well positioned: 69 percent rate their maturity level as advanced or higher. However, across all company sizes, only just under a quarter – 24 percent – achieve the highest level of security maturity. This is shown by the latest IDC InfoBrief "From reaction to resilience – cyber security rethought," supported by KPMG in Germany. The results highlight a structural discrepancy between strategic prioritization and operational implementation. Security measures are increasingly part of corporate strategy, but in many cases a fully integrated security architecture coordinated across the organization is missing.


      The study clearly shows that many companies in Germany overestimate their cyber security capabilities. In some cases, there is a significant gap between perception and reality. There is still much room for improvement, especially in terms of transparency, data quality, and integrated structures. Without a clean database and a complete overview of systems and risks, companies cannot realistically assess their security situation. This is problematic because it is precisely this transparency that forms the basis for rapid response, regulatory security, and resilient trust.
      Michael Falk

      Partner, Consulting, Cyber Security & Resilience

      KPMG AG Wirtschaftsprüfungsgesellschaft


      Lack of transparency slows down resilience

      A key structural obstacle remains the lack of transparency regarding IT and system landscapes. Forty-four percent of companies cite the lack of a central overview as a key challenge. Thirty-seven percent report isolated security solutions without sufficient integration.

      There are also gaps in asset inventory: 42 percent of smaller companies do not have a complete inventory of their systems, compared to 24 percent of large companies. Incomplete transparency makes root cause analysis more difficult, prolongs response times, and increases regulatory risks.

      Identity management gains strategic importance

      Digital identities form the foundation of modern security architectures. Nevertheless, only 20 percent of companies have achieved an optimized level of maturity in identity and access management. 41 percent remain at lower levels of maturity.

      At the same time, companies are setting clear priorities: 64 percent plan to introduce or strengthen multi-factor authentication, 62 percent are expanding their central identity and access management, and 53 percent are strengthening privileged access structures.

      Risks also remain present in cloud environments. 28 percent see data breaches and data leaks as the greatest threat, while 38 percent cite misconfigurations as a significant security risk.

      AI use is increasing – governance has room to improve

      Artificial intelligence is increasingly becoming part of cyber defense. 49 percent of companies already use AI in their security operations, and another 32 percent plan to use it within the next twelve months. Particularly significant efficiency gains can be seen in threat monitoring and anomaly detection (91 percent) as well as in incident response and analysis (89 percent). AI thus measurably accelerates security-related processes.

      At the same time, there are significant gaps in the security of AI applications. More than half of companies are still in the planning or implementation phase of appropriate protective measures. Only 2 percent have a fully integrated AI security framework.

      Many companies are already using AI to detect attacks more quickly and handle incidents more efficiently. This is an important step. At the same time, however, the study also shows that the protection of these systems is often not yet being consistently considered. More than half are still in the process of setting this up. Those who use AI must establish clear responsibilities, clean data structures, and transparent control mechanisms—otherwise, a new target for attack will emerge. AI can be a real step forward, but only if security is integrated from the outset.
      Christian Nern

      Partner, Financial Services

      KPMG AG Wirtschaftsprüfungsgesellschaft

      Press Contact

      KPMG AG Wirtschaftsprüfungsgesellschaft
      Lisa Meier
      T +49 89 9282 6632
      lisameier@kpmg.com
      www.kpmg.com/de