Bottom line: German companies suffer financial damages from cyberattacks often on the same day, while recovery takes days – yet cybersecurity remains predominantly an IT task rather than a top-management priority.
A study by HarfangLab shows: 47 percent of German executives expect financial damages from cyberattacks on the same business day, while recovery to normal operations takes an average of 3.53 days.
European cybersecurity firm HarfangLab, together with Sapio Research, surveyed a total of 750 executives from companies with at least 250 employees in six European countries in April 2026, including 150 from Germany. The results underscore the speed of cyberattack consequences: 73 percent of surveyed executives expect a serious cyber incident to significantly impair business operations or revenue, with ten percent even anticipating damages within a few hours.
The extent of financial impact is substantial. Nearly one in four companies (24 percent) expect revenue losses of at least 16 percent of daily revenue during a 24-hour outage of critical systems, with five percent even expecting losses above 25 percent. This risk awareness is reflected in overall risk assessment as well: cyberattacks rank alongside geopolitical uncertainty as the greatest threats to business continuity, followed by skilled labor shortages, dependence on non-European technology providers, and uncontrolled AI deployment.
Despite this recognized risk, cybersecurity in many organizations is still treated primarily as a technical problem. 51 percent of respondents confirm that cybersecurity in their organization is not a shared responsibility of the executive level. When it comes to responsibility: IT dominates, with 33 percent identifying the CIO or IT leadership as responsible, 27 percent the CISO, and only 25 percent the CEO. Only 19 percent state that business continuity and rapid recovery currently stand at the center of their security strategy.
Regulatory responsibility significantly amplifies personal pressure on managers. Seven out of ten German executives (70 percent) say that cybersecurity regulation increases the accountability of boards and management. 57 percent are personally concerned about being held liable for a serious incident. At the same time, 57 percent of respondents report frequently not fully understanding what regulatory requirements specifically demand, and 52 percent find the pace of regulatory change barely manageable. However, 63 percent of European executives view European cybersecurity and data protection regulation as a competitive advantage overall.
Source: www.it-daily.net · Published June 22, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.