28 August 2020

Security Automation: How German Companies Stack Up

A new study by IBM Security and the Ponemon Institute reveals that 75% of German companies use security automation – outperforming the global average.

The findings from the “Cost of a Data Breach” report are promising. Global average data breach costs have dropped by 1.5% year-on-year. This cost reduction stems largely from security automation and the General Data Protection Regulation (GDPR), both of which improve data visibility and enable faster response to breaches.

Smart Tech Cuts Costs

Organizations leveraging security automation save significantly compared to those not using AI and machine learning. Non-automated security responses to data breaches cost, on average, €6 million – more than double the cost of automated solutions (US$2.4 million).

German companies respond to data breaches fastest globally, taking just 160 days on average. The global average stands at 280 days. This swift identification and containment delivers tangible financial benefits: breaches requiring over 200 days to identify and contain cost, on average, over US$1 million more than those resolved in under 200 days.

Cyberattacks Are Rising

Preceding this ruling was a years-long legal dispute between Facebook and Ireland, an EU member state. Ireland’s Data Protection Commission demanded that U.S. authorities or intelligence agencies generally be denied access to users’ data. This demand rests on the fact that agencies like the NSA can access Facebook data without restriction – a practice incompatible with GDPR principles.

 

 

Key Facts

GDPR Fines: European data protection authorities have imposed fines totaling over €4.5 billion to date.

Data Breaches: 83% of organizations experience more than one data protection incident per year.

Frequently Asked Questions

What penalties apply for GDPR violations?

Fines of up to €20 million or 4% of global annual turnover – whichever is higher. In addition, affected individuals may file claims for damages.

What is a Data Protection Impact Assessment (DPIA)?

A DPIA is a systematic evaluation of the risks posed by a data processing activity to the rights and freedoms of individuals. It is mandatory when processing is likely to result in a high risk – for example, in cases involving profiling, video surveillance, or processing of special categories of personal data.

Does the GDPR apply to small businesses?

Yes – the GDPR applies universally to any organization processing personal data of EU citizens, regardless of size. Small businesses benefit from limited exemptions (e.g., no obligation to maintain a record of processing activities if fewer than 250 employees and processing is low-risk), but must still comply fully with all core principles.

Header Image Source: iStock / NicoElNino

Fact: According to Germany’s Federal Commissioner for Data Protection and Freedom of Information (BfDI), reported data protection violations in Germany rose to over 40,000 in 2024.

Fact: According to Bitkom, German companies invest, on average, 14% of their IT budgets in cybersecurity.

TL;DR

  • A new study by IBM Security and the Ponemon Institute shows that 75% of German companies use security automation.
  • Non-automated security responses to data breaches cost €6 million – more than twice as much as automated solutions (US$2.4 million).
  • Fast identification and containment of breaches in Germany deliver measurable financial benefits: incidents requiring over 200 days to identify and contain cost, on average, over US$1 million more than those resolved in under 200 days.
  • Global average data breach costs fell by 1.5% year-on-year.
Tobias Massow

A magazine by Evernine Media GmbH