In 2021 in the EU, 22.2% of enterprises (with 10 or more employees and self-employed persons) in the business economy (excluding the mining and quarrying and financial sector) experienced ICT security incidents resulting in different types of consequences such as unavailability of ICT services, destruction or corruption of data or disclosure of confidential data. 

The most frequent consequence reported was the unavailability of ICT services due to hardware or software failures (18.7%). Unavailability of ICT services due to attacks from the outside (e.g. ransomware attacks, denial of service attacks) was far less common (3.5%). 

EU enterprises also reported the destruction or corruption of data, caused by two types of incidents: due to hardware or software failures (3.9%) or due to infection by malicious software or unauthorised intrusion (2.1%). 

The least frequent consequence of ICT security incidents was the disclosure of confidential data, related to two different reasons: intrusion, pharming, phishing attack, intentional actions by own employees (1.1%) and unintentional actions by own employees (1.0%).

 

Bar chart: Share of issues resulting from ICT incidents, EU, % of enterprises with 10 or more employees and self-employed persons, 2021

Source dataset: isoc_cisce_ic

 

Finnish enterprises register highest incidence of ICT security problems 

Among EU countries, the highest shares of enterprises that registered ICT security incidents leading to unavailability of ICT services, destruction or corruption of data or disclosure of confidential data, were in Finland, with more than two-fifths (43.8%), followed by the Netherlands and Poland (30.1% and 29.7%), Czechia (29.3%) and Denmark (26.4%).

At the other end of the scale, the lowest shares were in Bulgaria (11.0%), Portugal (11.5%), Slovakia (12.3%), Hungary (13.4%) and Cyprus (14.3%).
 

Bar chart: Enterprises experienced any ICT security related incidents, % of enterprises with 10 or more employees and self-employed persons, 2021

Source dataset: isoc_cisce_ic

 

For more information

 

 

Methodological notes: 

  • Data come from the 2022 Community survey on ICT usage and e-commerce in enterprises and refer to all enterprises with at least 10 employees or self-employed persons (in NACE Rev. 2 sections C to J, L to N and group 95.1). Further methodological information related to the survey can be found here.
  • Data in the database are organised according to the survey year; the results above refer to the calendar year prior to the survey (2021).
  • France: break in the time series due to the implementation of the statistical unit enterprise.
  • Ireland: break in the time series due to changes in national survey methodology.
  • The statistics presented in this news item is collected from enterprises using the internet. When interpreting the data, users should be aware that differences between countries could be correlated with varying degrees of online presence and thus exposure of enterprises of experiencing an ICT security incident.

 

If you have any queries, please visit our contact us page.