€5.10 – That’s All Germans Spend on IT Security

3 min Reading Time

Most Germans are stingy when it comes to IT security and spend only a few euros per month on it. Consequently, even the simplest security measures are often neglected in private settings. This is revealed by a new Bitkom study.

TL;DR

€5.10/month: That’s how little Germans spend on average on the IT security of their private devices.
56 percent invest even less than €5 monthly.
Updates neglected: Only 30 percent react immediately to security updates; 5 percent never update.
Overwhelmed: Only 37 percent feel confident in protecting their devices adequately.
Help unknown: 54 percent don’t know who to turn to in case of a cyberattack.

Protecting private devices like smartphones or laptops is worth only €5.10 per month on average to Germans, and in more than half of all cases (56 percent), even less than €5. A quarter of the 1,021 people surveyed for a Bitkom study (aged 16 and above) spend €5 to €10 per month on the IT security of their private devices, while nine percent spend €11 to €20.

Three percent of those surveyed rely solely on free IT security measures, and another three percent completely forgo antivirus software on their PC or a VPN connection for their smartphone.

Don’t Skimp on Online Banking

“The manufacturers of smartphone and computer operating systems have integrated many protective functions in the past. Nevertheless, everyone should at least check their security settings and consider where paid services can offer added value – especially if the devices are used for sensitive tasks such as online banking,” emphasizes Felix Kuhlenkamp, IT security expert at Bitkom.

As the industry and digital association notes, even the simplest security or protective measures are often neglected. These include regular software updates to close security gaps. Thirty percent of those surveyed react immediately to such update offers, 35 percent update the software of their devices regularly, 20 percent irregularly, 6 percent only when problems occur, and 5 percent never.

When asked how often they check their personal accounts for suspicious activities, 29 percent of the study participants said once a week, 27 percent once a month, 24 percent less than once a month, seven percent almost never, and only ten percent daily.

Don’t Leave the Door Open to Cybercriminals

Kuhlenkamp comments on this with the words: “Just as you wouldn’t leave windows and doors open at home, you shouldn’t leave your smartphone and computer unprotected against unauthorized intruders. This includes using up-to-date software versions as well as deploying appropriate protective software against phishing emails and malware. Regularly checking accounts and devices for suspicious activities is equally important.”

However, many feel overwhelmed, according to the survey. Only 37 percent consider themselves capable of adequately protecting their devices from cyberattacks. Fifty-four percent don’t know who to turn to if they become victims of such attacks.

Nearly half of those surveyed (48 percent) indicated that they would undergo cybersecurity training to better protect themselves from attacks and malware. The latter result is surprising but could also be due to the circumstances of the survey. Kuhlenkamp, however, points out that in addition to the possibility of online courses, adult education centers also include cybersecurity in their curriculum. “Those who feel poorly prepared should sign up there,” says the Bitkom expert.

Private Insecurity, Professional Risk

Negligence in private settings has direct impacts on corporate security. In times of home office and Bring Your Own Device (BYOD), the lines blur. A private smartphone without up-to-date virus protection, which is also used for business emails, is an open gateway. Companies without a clear BYOD policy expose themselves to incalculable risks.

The Bitkom figures reveal a systemic problem: If the majority of the population does not adequately protect their devices, a broad target is created for cybercriminals. Phishing emails, credential stuffing, and social engineering work best where basic protective measures are lacking.

What Basic Protection Actually Costs

The good news: Effective basic protection doesn’t have to be expensive. Operating systems like Windows, macOS, and Android already come with security features – Windows Defender, for example, offers solid basic protection for free. However, it is crucial to actively use and properly configure these functions. Those who use sensitive tasks like online banking, cloud storage, or password management should invest in premium solutions. A good password manager costs €3-5 per month, a VPN service €5-10, and a comprehensive security suite €5-8.

Key Facts at a Glance

Average Expenditure: €5.10 per month for private IT security

Less than €5: 56 percent of respondents

No Protection: 3 percent completely forgo security software

Immediate Updaters: Only 30 percent, 5 percent never update

Self-Assessment: Only 37 percent feel adequately protected

Helpless in Case of Attack: 54 percent don’t know where to turn

Sample Size: 1,021 individuals aged 16 and above (Bitkom 2025)

Fact: According to Bitkom, German SMEs invest on average only 7 percent of their IT budget in cybersecurity – experts recommend at least 15 percent.

Fact: IBM estimates the average cost of a data breach in Germany in 2024 at €4.9 million – a 12 percent increase over the previous year.

Frequently Asked Questions

How much do Germans spend on IT security?

On average, only €5.10 per month. More than half (56 percent) spend even less than €5. Three percent use exclusively free tools, and another three percent forgo protection altogether.

Do the built-in protection functions of operating systems suffice?

For basic protection, yes – Windows Defender, Apple XProtect, and Google Play Protect offer solid basic functions. However, those who use online banking, store sensitive data, or work professionally on the device should additionally invest in password managers, VPNs, and enhanced security suites.

Why are regular updates so important?

Security updates close known vulnerabilities that attackers actively exploit. Those who delay or ignore updates leave these doors open. Nevertheless, only 30 percent of Germans react immediately to update offers – 5 percent never update their software.

What should you do in case of a cyberattack?

Immediately disconnect the affected device from the network, change passwords (from another device), and document the incident. Points of contact are the police (cybercrime reporting center), the BSI (Federal Office for Information Security), and your own IT service provider or internet provider.

Why is private IT protection also relevant for companies?

Due to home office and BYOD policies, many employees use private devices for work as well. An unprotected private device can become a gateway into the company network. Therefore, companies need clear BYOD policies and should sensitize employees to basic security measures.

More from the MBF Media Network

cloudmagazin | MyBusinessFuture | Digital Chiefs

Header Image Source: Adobe Stock / Song about summer

Print article