Secure Data Report: how companies and authorities neglect data transfer
Andreas Öttl, Head of Marketing, explains the study, its findings, and key takeaways for companies.
The recently published Secure Data Report 2023 by FTAPI revealed some surprising insights. Andreas Öttl, our Head of Marketing, shares in an interview how the report came about, the key findings, and what companies can learn from its results.
FTAPI: Hi Andreas. Today, we’re discussing the Secure Data Report by FTAPI, first released in 2023, which will now provide an annual overview of the state of secure data transfer in Germany. To start, can you briefly explain what the study is about and how the report came to be?
Andreas Öttl: Of course. The study examines whether companies and authorities adequately protect sensitive data when transferring it to external recipients. Secure data exchange is part of our daily work, and we’re deeply interested in how information is exchanged in German companies and authorities and how secure that process is.
FTAPI: What do you consider the most important insights from the study?
Andreas Öttl: The study confirmed that companies are well-prepared when it comes to firewalls, password management, and backups. However, they are poorly secured in data transfers, taking unnecessary risks. According to our survey, only 35% of respondents reliably secure their email communication and data transfers. Interestingly, authorities perform slightly better than companies in this area.
FTAPI: Why do you think so few organizations secure their data exchange reliably?
Andreas Öttl: One of the most surprising responses we received was, "We don’t process or send sensitive information." But I highly doubt that reflects reality. I’d bet that almost every company sends emails or files containing critical personal data or business information.
The most common reasons cited for insufficient security are high costs and the complexity of implementation and usage.
FTAPI: What risks do organizations face if they don’t secure their data exchanges properly?
Andreas Öttl: In my view, costs are relative—it’s shortsighted to think otherwise. Compared to the damages caused by GDPR violations, data leaks, or cyberattacks, the costs are negligible. A cyberattack can be existentially threatening, causing financial harm and reputational damage. Many companies think they won’t be affected, but statistics and experience show otherwise. According to Statista, 46% of German companies experienced a cyberattack in the past 12 months. That’s nearly half—an alarmingly high figure!
FTAPI: What would you recommend to these organizations?
Andreas Öttl: My clear recommendation is: take the protection of sensitive data seriously and invest in a secure solution to safeguard sensitive communication and file exchanges. Educate and train your employees on this topic. Encrypt sensitive emails and files, preferably directly within your email program. Confidential files should not be sent via unsecured file-sharing services with unknown server locations. Also, scan incoming files for malware. There are many measures to consider, but ultimately, it’s about providing employees with a suitable, user-friendly tool.
FTAPI: What should organizations consider when selecting and implementing such a solution?
Andreas Öttl: Specific requirements may vary, but some general points are essential. Ensure data can be transmitted end-to-end encrypted. The system should be simple and convenient for both the sender and the recipient. Look for a provider with servers located in Germany or the EU and certifications like ISO 27001 and BSI C5. Ideally, the solution should offer email security, data exchange capabilities, and integrated features such as virus scanners and secure authentication.
FTAPI: Thank you for the valuable insights! We’re already looking forward to next year’s report and the exciting findings you’ll share then.
Complete Secure Data Report
Find all the data and insights from the interview, presented in detail with visualizations.