DAX companies appreciate risks: Cyber ​​attacks and bureaucracy dominate!

DAX companies appreciate risks: Cyber ​​attacks and bureaucracy dominate!

The University of Hohenheim and Crunchtime Communications carefully examined the annual reports of 134 DAX companies in a current analysis. The results of this analysis show a significant increase in the reported risks: listed companies in Germany report around 30 % more risks compared to two years ago. Business drivers are aware of the growing threats, but the communication of these risks in their forewords often remains poor.

The greatest risks are identified by the companies themselves as regulatory stress (98 %) and cyber attacks (98 %), followed by geopolitical developments and financial issues (86 %each). Interestingly, the CEO in just 37 % of the foreses talk about risks and mention only 1.2 risks on average; There are no risk of risk in 40 % of the forewords. According to Prof. Dr. Frank Brettschneider is particularly pronounced to perceive bureaucracy and cyber risks as a serious business risk.

growing threats and reactions

cyber incidents worldwide increase, which is caused by the progressive digitization and geopolitical tensions. According to the Federal Office for Information Technology (BSI), the threat in the cyber area was "as high as ever" in spring 2024. The financial sector is particularly affected: almost 20 % of all global cyber incidents in the past 20 years have been directed against this sector. The financial damage since 2004 has been added to almost $ 12 billion, which underlines the susceptibility of the industry.

However, companies react to the increasing threats: 90 % of the DAX companies carry out systematic quantitative risk reviews, with 65 % of companies in the financial sector in the face of growing challenges in cyber attacks. In 2024, payment service providers already recorded 258 reports on payment incidents, which corresponds to an increase compared to previous years.

Current trends in risk management

The analysis also shows a trend towards more systematic risk assessment, which has increased in the past two years. External influences such as cyber attacks and regulatory challenges are perceived as central threats. Only sales and compliance were mentioned by over 80 % of companies, which clarifies that competition and a shortage of skilled workers are also considered to be significant risks to the business success. Compared to 2023, the mention of pandemics, the energy crisis and inflation has decreased as risks.

In addition, 41 % of organizations worldwide experienced three or more critical risk incidents in the past year. The concern about cybercrime remains high, with 58 % of the risk managers consider it one of the five greatest risks for the next three years. Nevertheless, 63 % of managers believe that their risk management processes offer no or only a minimal competitive advantage.

The Bafin plans to introduce measures to strengthen cyber security and harmonize the reporting system for ICT incidents. From January 2025, the Digital Operational Resilience Act (Dora) will continue to take effect, which further defines the framework conditions for dealing with cyber risks. This will improve the general security situation in the financial sector and increase resilience against cyber risks.

Overall, risk management in German companies is more in focus than ever, and the need to adapt to the increasing threats is undisputedly recognized. Companies are required to rethink their strategies and to introduce more efficient measures to cope with risk in order to better master future challenges.

The increasing sensitization in the financial industry is also reflected in the investments in IT security in order to ward off potential attacks and ensure business continuity. The market participants agree: the time for preventive and reactive measures has come.

For more information: bafin , SecureFrame .