European companies intesify their efforts to remain safe from cyber attacks. During 2019, 90% of them, which have 10 or more employees, have gotten at least one security measure regarding their computer and communications systems. According to published data, one out of three enterprises (34%) declared that they have documents, practices or procedures related to ICT protection. From the data of the EU statistical office it is found that 62% of European businesses have informed staff about their ICT security obligations. Meanwhile, one in four companies in the EU (24%) were protected against ICT security incidents, while one in eight companies (12%) had problems with incidents at least once, related to ICT security.
For large enterprises, almost all of them used at least one ICT measure (99% of enterprises employing 250 people or more). This percentage was slightly lower for medium-sized companies, employing 50-249 people (97%) and 92% for small businesses (10 to 49 people).
Eurostat determins that it is now common practice for European companies to develop ICT security measures, practices or procedures, ranging from 76% in large and 54% in medium to 30% in small businesses.
European companies prove to be diligent in informing their staff on cyber security issues. The vast majority (91%) of large corporations informed their employees in 2019 of their ICT security obligations. The same was true for 78% of medium-sized companies and 58% of small companies. In the case of cyber attack incidents, overall, large businesses are more likely to face ICT security threats. One quarter of them (23%) experienced problems from such incidents, 17% in medium-sized and 11% in small businesses, while in 2019, 40% of large, 33% of medium-sized and 22% of small businesses reported being protected from such threats.
In 2019, the most common cyber security measure used by EU companies, according to Eurostat data, was the updating of software or operating systems (87% of companies), followed by thorough authentication with password (77%), backup on a separate location or in the cloud (76%) and network access control (64%). Businesses use less frequently data, document or email encryption techniques (38%), ICT security testing (36%), ICT risk assessment (34%) and user authentication and biometric authentication (10%).