KOF Swiss Economic Institute

Search

Swiss companies investing more in cyber security

The proportion of firms that use various IT security technologies and have appropriate strategies and individuals responsible for cyber security has risen sharply over time. This trend is accompanied by a decrease in the percentage of firms that have security issues. The growing protection of digital infrastructure may therefore pay off in the form of fewer cyber attacks.

The growing digitalisation of many businesses is making companies increasingly vulnerable to cyber attacks. Firms are investing in various types of security technology to protect their digital infrastructure. The penetration of these technologies has increased sharply over the last 16 years (chart G 3). External data protection, for example, has grown from just under 60 per cent at the beginning of the observation period to 90 per cent. The situation is similar for the other security technologies shown in chart 1, whose diffusion has increased by over 20 percentage points in some cases. One interesting aspect here is the sharp rise in the use of intrusion detection software (IDS), which can detect, analyse and report unusual, security-threatening events by automatically monitoring data traffic so that companies can take preventive action as quickly as possible. The proportion of firms using IDS has increased from 10 per cent in 2014 to over 30 per cent in 2020.

Enlarged view: G 3: Spread of security technologies

Large companies in particular have well-formulated security strategies in place

Many firms have explicitly defined security strategies (chart G 4). Almost 80 per cent of all large companies pursue such strategies. The corresponding figure for medium-sized enterprises is just under 60 per cent. Small firms, on the other hand, lag somewhat behind the larger ones at only 30 per cent. We see the same picture among companies that employ a cyber security officer (chart G 5). The relevant percentages for large, medium-sized and small firms are very similar to those for explicitly defined security strategies. However, the proportion of companies with a cyber security officer has risen sharply in all categories over time.

Enlarged view: G 4: Security strategies
Enlarged view: G 5: Cyber security officers

Over 40 per cent of companies have insurance against IT security incidents

Many companies take out insurance to reduce the risk of suffering a significant loss of income due to IT security incidents. The proportion of firms with such insurance has increased in the last two years (chart G 6). Over 40 per cent of companies across the economy as a whole had insurance against IT security incidents in 2020. In contrast to the relevant percentages for security strategies and cyber security officers, the prevalence of insurance does not differ particularly by sector and size category. The relevant figures are around 40 per cent for all categories. Only medium-sized firms have insurance against IT security incidents much more frequently (just under 60 per cent).

Enlarged view: G 6: Insurance against IT security incidents

Declining proportion of companies with security issues

Despite the extensive measures that firms take to improve their IT security, many security issues still occur. Almost one in five companies across the economy as a whole reported security issues during the period from 2019 to 2020 (chart G 7). Large companies were hit particularly hard, with almost 50 per cent of them affected. Security issues include viruses, trojans and unauthorised access to computer systems and data. Security issues have decreased across all size classes since the 2015-2016 period – across the economy as a whole, for example, from just under 40 per cent to 20 per cent. Consequently, there seems to be a correlation between the increasing spread of security technologies, security strategies and cyber security officers on the one hand and the decreasing number of cases of security issues on the other. Companies’ higher investment in cyber security is manifesting itself in a steady decline in reported issues.

Enlarged view: G 7: Security issues

Cost of repairing damage on the increase

When security issues do occur, however, businesses seem to suffer more over time. Across the economy as a whole in 2019 to 2020, around 16 per cent of businesses reported a medium to high level of remediation costs following a security issue (see chart G 8). This proportion has increased since the most recent period of 2017 to 2018. All categories – with the exception of manufacturing – show an increase in the cost of repairing damage after a security issue. The relevant proportions were around 15 per cent everywhere during the 2019-2020 period. Only in construction is the proportion of companies with medium to high costs considerably higher at 25 per cent. While the number of security issues has decreased significantly over time, the economic damage caused in the event of a security issue has grown. Expanding the protection of digital infrastructure must therefore continue to be given high importance.

Enlarged view: G 8: Cost of repairing damage

The study entitled ‘Innovation and Digitalisation in the Private Sector in Switzerland: Results of the 2020 Innovation Survey’, on which this article is based, is available here: https://www.research-collection.ethz.ch/handle/20.500.11850/583885

Contacts

Dr. Andrin Spescha
  • LEE F 112
  • +41 44 632 37 84

KOF Konjunkturforschungsstelle
Leonhardstrasse 21
8092 Zürich
Switzerland

Prof. Dr. Martin Wörter
Lecturer at the Department of Management, Technology, and Economics
  • LEE F 111
  • +41 44 632 51 51

KOF Konjunkturforschungsstelle
Leonhardstrasse 21
8092 Zürich
Switzerland

Similar topics

JavaScript has been disabled in your browser