EU news and policy debates across languages


Germany’s digital security disparity ‘remains striking’


Germany’s digital security disparity ‘remains striking’

Germany shows significant discrepancies among private users with regard to protection against cyber attacks, a recent study shows, with internet users growing increasingly uneasy despite an improved security situation. EurActiv Germany reports.

Encryption techniques, password managers, electronic signatures – almost 60% of Germans urgently need support with regard to internet security issues.

One-fourth of users are in the critical zone, according to the latest DsiN security index. The 2015 report sheds light on the digital security situation among internet users in Germany and was conducted by TNS Infratest on behalf of the association “Germany secure on the internet” (DsiN).

It was presented by the DsiN and the Federal Ministry of Justice and Consumer Protection (BMJV) on Tuesday (23 June) in Berlin.

Though the country’s national index has increased by 2.8 points to a score of 63, “the digital security disparity in Germany remains striking”, said Hartmut Thomsen, chairman of the DsiN and managing director of SAP Germany.

The slight improvement in the national index is primarily due to fewer security-related incidents compared to the previous year. But knowledge of protection measures is stagnating, according to the study, as well as the willingness to apply existing security knowhow.

“What is apparent, is the rise in unease amid a decline in self-detected security incidents,” explained Hartmut Scheffler, CEO of Infratest Germany. “Perceived and actual risk situations are drifting further apart.”

“There are only a few consumers who adequately encrypt their data on the Internet,” explained Ulrich Kelber, parliamentary state secretary at the BMJV.

76% of German internet users see themselves as being largely responsibility for protecting their own data. Roughly 52% of those online agree that they should implement security measures more often.

>>Read: Closing the gaps in EU cybersecurity: Let’s get it right

“The enormous disperity in security among consumer groups in Germany is severe,” Thomsen said.

Overall, the index differentiates between four different types of users, who vary according to their knowledge of security and their behaviour.

The group dubbed “outside users” lies close to the critical threshold value of 50 points, at which the security situation threatens to tip over. According to the index, these individuals are usually between 60 and 69 years old and make up 8% of internet users. Their private internet use is usually around 10 hours per week.

The “fatalistic user” group was able to gain almost 8 index points compared to 2014, scoring 52 points. Meanwhile, the enormous discrepancy between good security knowhow on the one hand and a lack of implementation on the other remains characteristic of this group.

Most users that qualify as “fatalistic” are under 30 and surf the net for up to 20 hours per week for private use. They make up 17% of all internet users in Germany.

Only the study’s so-called “sovereign users” hold a high score with regard to their security level (72 points), making up 42% of Germans using the internet.

The digital security disparity in Germany is unacceptable, said Alastair Bruce, a board member at DsiN and CEO of Microsoft Germany.

“We need an Agenda for Digital Education 2.0 to counteract the security disparity,” Bruce indicated, “this covers an individualised educational mix to satisfy the needs of each user group. In addition, there should be easier access to information and to the dialogue between actors from politics, the economy and the sciences.”


An EU cyber security strategy was presented by the Commission and in 2013, covering the internal market, justice and home affairs and foreign policy angles of cyberspace.

The European Commission shortly after proposed a Directive with measures to ensure harmonised network and information security across the EU.

The proposed legislation will oblige companies to be audited for preparedness and to notify national authorities of cyber incidents with a “significant impact.”

>> Read: Cyber security directive held up in face of 'Wild West' Internet

The directive also suggests that market operators will be liable regardless of whether or not they carry out the maintenance of their network internally or if they outsource it.

The EU singled out a number of sectors which it claimed require more action on cybersecurity including “critical” infrastructure operators in energy, transport, banking and healthcare services.

All member states would be required to adopt network and information security strategies and set up teams to respond to incidents. Cooperation networks would be created at EU level.

Further Reading

“Germany secure on the internet” (DsiN) (German language): DsiN security index

German Ministry of Justice and Consumer Protection (BMJV) (German language): Besserer Schutz persönlicher Daten im Internet: Einigung bei Datenschutzgrundverordnung

German Internal Affairs Ministry (German language): IT und Netzpolitik