CIOs Are Concerned About Their Company’s Software Security
Most German CIOs believe their organization is poorly prepared for software-based cyberattacks. Yet, as a study shows, IT leaders often lack the time needed to identify vulnerabilities and implement practical solutions.
A survey by cybersecurity firm Venafi reveals that nearly all of the more than 1,000 German CIOs (Chief Information Officers) surveyed believe their own company is vulnerable to software supply chain attacks.
This awareness isn’t limited to CIOs alone: According to respondents, company executives are also urging IT leadership to strengthen organizational security against such threats.
Awareness Is Growing – Solutions Are Lacking
Awareness of the threat landscape is rising across enterprises – a view echoed by the German Federal Office for Information Security (BSI) in its 2021 annual report.
Yet, as the surveyed CIOs report, concrete, actionable solutions remain scarce. To keep pace with corporate demands for rapid development of new products and services, CIOs frequently must compromise on security policies and controls.
As a result, strategies for building resilient infrastructure – capable of detecting attacks early – are falling by the wayside. And this occurs despite increased investment: 84 percent of all surveyed CIOs have allocated additional budget toward software development security, particularly for Identity and Access Management (IAM) solutions.
Key Facts
Average dwell time: Attackers remain undetected in corporate networks for an average of 204 days.
SMEs in the crosshairs: 43 percent of all cyberattacks target small and medium-sized enterprises (SMEs).
Frequently Asked Questions
What’s the difference between data protection and information security?
Data protection governs the lawful handling of personal data (e.g., legal basis, purpose limitation, data subject rights). Information security encompasses the technical and organizational measures designed to protect all data against loss, manipulation, or unauthorized access.
Does every company need a Data Protection Officer?
Under German law, appointing a Data Protection Officer (DPO) is mandatory if at least 20 people are regularly engaged in automated processing of personal data – or if special categories of personal data (e.g., health data) are processed.
What rights do data subjects have under the GDPR?
The right of access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, and objection. Companies must respond to such requests within one month.
Header Image Source: Adobe Stock / Andrey
Fact: According to Germany’s Federal Commissioner for Data Protection and Freedom of Information (BfDI), the average processing time for a data protection complaint at German supervisory authorities is eight months.
Fact: IBM reports that 95 percent of all cybersecurity incidents stem from human error.
TL;DR
- A survey by cybersecurity firm Venafi shows that nearly all of the more than 1,000 German CIOs (Chief Information Officers) surveyed believe their company is vulnerable to software-based…
- Awareness is growing – solutions are lacking. Awareness of the threat landscape is increasing across enterprises, as confirmed by the German Federal Office for Information Security (BSI) in its 2021 annual report…
- And this despite higher budgets: 84 percent of all surveyed CIOs have increased spending on software development security – especially on Identity and Access Management (IAM) tools.
- Most German CIOs believe their organization is poorly prepared for software-based cyberattacks.