The survey for the study was conducted by KPMG in February and March 2023 among 903 Austrian companies. The participants included representatives of small and medium-sized enterprises as well as large companies from the automotive, banking, construction, education, chemical, service, energy, healthcare, real estate, industrial, consumer goods, media, public sector, technology, telecommunications, tourism and insurance industries.
Each participant received an online questionnaire with specific questions according to his or her function in the company. In addition, the quantitative questions (Likert scale) were extended by qualitative aspects to give the participants the opportunity to share further impressions and observations or to comment on answers accordingly. For the evaluation, a distinction was made between the internal view/management level (experts, division managers, CSOs, etc.) and the external view/management level (board members, owners, supervisory board members). The results were evaluated by a KPMG cybersecurity expert:in team from the IT Advisory division. KPMG has more than 9,300 cybersecurity experts worldwide, including more than 50 in Austria.
The most important results at a glance:
- All 903 companies surveyed by KPMG have experienced at least one cyber attack in the past year.
- State or state-sponsored attacks (advanced persistent threats, APTs) are seen as a particular challenge for 72% of domestic companies.
- For every tenth company (12 percent), the financial loss amounts to more than EUR 1 million. Just under half of the respondents still suffered a loss of up to EUR 100,000.
- 74 percent of respondents consider increased EU-wide cooperation in the fight against cybercrime essential.
- 55 percent of respondents say cyberattacks threaten their business livelihood.
- 33 percent of the companies surveyed were victims of ransomware/extortion.
- 22 percent were affected by deep fakes in the last twelve months.
- One in three respondents would prefer to use security solutions from Austrian companies.
- 47 percent have already dealt with the topic of NIS2.
- One in four people has been influenced in their private social networks by attempts to influence their professional environment.
- 43 percent of the companies surveyed need an average of 4 to 6 months to hire IT experts. 28 percent even say they need between 7 and 12 months.
- Sixty-three percent of companies believe cyberattacks against their company will increase over the next 12 months.