ICT security measures used by EU enterprises in 2022

In 2022, 92% of EU enterprises with 10 or more employees and self-employed persons used at least one measure in order to ensure integrity, availability and confidentiality of their data and ICT systems. 

This information comes from data on ICT usage and e-commerce in enterprises published by Eurostat today. The article presents a handful of findings from the more detailed Statistics Explained article.

Source dataset: isoc_cisce_ra

The most common measure used to ensure integrity, availability and confidentiality of enterprises’ data and ICT systems was strong password authentication (82% of EU enterprises), followed by data backup to a separate location or cloud (78%) and network access control (65%). The least common measure was user identification and authentication via biometric methods (13%).

Source dataset: isoc_cisce_ra

In order to remain effective, security measures and procedures should be documented and updated regularly, to keep them up to date against the fast-evolving security threads. In 2022, 37% of EU enterprises reported having documents on measures, practices or procedures on ICT security. Two-thirds of enterprises in Sweden (66%) reported having such documents, while shares higher than 50% were registered also in Finland (57%), Denmark (55%), Portugal (54%) and Ireland (51%). On the other hand, less than a quarter of enterprises had documents on measures, practices or procedures on ICT security in Greece (18%), France (21%) and Bulgaria (22%).

Almost one quarter of EU enterprises (24%) have defined or reviewed their documents on measures, practices or procedures on ICT security during the last 12 months. For 9%, this was the case between 12 and 24 months ago, and for another 5%, it was more than 24 months ago.