Digital entrepreneurship, 2024

More than half of enterprises make persons employed aware of ICT security related issues

84% of enterprises arrange remote access for their persons employed, 46% conduct remote meetings, 86% use security measures for safe ICT usage, and 19% use compulsory training courses or viewing compulsory material for making persons employed aware of obligations in ICT security related issues.

  • 9 October 2024 at 10:30
  • |
  • final data
Remote access and remote meetings part of everyday business life

64% of employees and self-employed in enterprises with 10 and more employees and self-employed have access to the Internet for business purposes (in 2023: 61%): as regards the activity, 56% in manufacturing (in 2023: 52%) and 74% in service activities (in 2023: 73%).

91% of enterprises provided to persons employed for business purposes portable devices that allow connection to the Internet via mobile telephone networks. Such devices were provided to 35% of employees and self-employed.

When accessing the Internet via a fixed Internet connection, enterprises most often have a maximum contracted download speed at least 100 Mbit/s but less than 500 Mbit/s (42%). 13% have the speed of at least 1 Gbit/s. 92% of enterprises stated that the speed of their fixed connection to the internet is usually sufficient for the actual needs of the enterprise.

84% of enterprises arranged remote access for their employees and self-employed: 82% of small, 91% of medium-sized and all large enterprises. Enterprises arranged the following access:
  • 81% to the enterprise’s e-mail system,
  • 67% to the enterprise’s documents, e.g. files, spreadsheets, pictures, presentations and
  • 65% to the enterprise’s business applications or software, e.g. access to accounting, sales, orders, CRM – Customer Relationship Management.
46% of enterprises conduct remote meetings, e.g. via MS Teams, Webex, Zoom, Skype: 39% of small, 74% of medium-sized and 98% of large enterprises. As regards the activity, 41% in manufacturing and 51% in service activities.

The share of enterprises that do not use security measures to ensure cyber security the highest among small enterprises

The use of the Internet, the digitalization of business, and arranging remote access to ICT increases productivity but also exposes enterprises to cyber threats. 86% of enterprises used security measures to ensure the confidentiality, integrity and accessibility of data and ICT systems: 84% of small, 97% of medium-sized and all large enterprises. As regards the activity, 83% in manufacturing and 90% in service activities. The share of enterprises that do not use security measures is with 16% the highest among small enterprises.

65% of enterprises use at least three security measures, 44% at least five and 27% at least seven security measures.

The most commonly used security measure is authentication via strong password, e.g. with defined minimum length, use of numbers and special characters, periodically changed (76%). 68% of enterprises backup data to a separate location or in the cloud, 61% use network access control, e.g. management of user rights in enterprise’s network, 42% Virtual Private Network (VPN), 34% maintain log files that enable analysis after ICT security incidents, and 32% authentication based on a combination of at least two authentication mechanisms, e.g. a user password and a one-time password (OTP) or a biometric method.

22% of enterprises conduct ICT risk assessment, i.e. periodical assessment of probability and consequences of ICT security incidents: 17% of small, 34% of medium-sized and 78% of large enterprises.

27% conduct ICT security tests, e.g. performing penetration tests, testing security alert system, review of security measures, testing of backup systems: 21% of small, 45% of medium-sized and 83% of large enterprises.



34% of enterprises have documents on measures, practices or procedures on ICT security: 30% of small, 49% of medium-sized and 88% of large enterprises. 63% of those documents were defined or most recently reviewed in the last 12 months, 21% more than 12 months and up to 24 months ago, and 16% more than 24 months ago.

Almost one-fifth of enterprises make persons employed aware of their obligations in ICT security with compulsory training courses or viewing compulsory material

One of the most important security measures is the training of employees in the safe use of ICT as they are the first line of defence against cyber threats. 55% of enterprises make persons employed aware of their obligations in ICT security related issues: 51% of small, 69% of medium-sized and almost all of large enterprises (99%) and as regards their activity, 49% in manufacturing and 61% service activities.

The most used notification method is voluntary training or internally available information, e.g. information on the Intranet (48%). 19% of enterprises use compulsory training courses or viewing compulsory material: 15% of small, 30% of medium-sized and 71% of large enterprises.



Almost a quarter of large enterprises experience various consequences due to ICT related security incidents

The purpose of security measures for the use of ICT is to protect data and systems against unauthorized access, use, disclosure, alteration or destruction. In 2023, 12% (around 1,028) of enterprises with 10 and more employees and self-employed experienced various consequences due to ICT related security incidents: a tenth of small, 18% of medium-sized and 23% of large enterprises.

9% of enterprises experienced unavailability of ICT services: 8% of small, 16% of medium-sized and 20% of large enterprises:
  • 8% unavailability of ICT services due to hardware or software failures,
  • 3% unavailability of ICT services due to attack from outside, e.g. ransomware attacks, Denial of Service attacks.
3% of enterprises experienced destruction or corruption of data: 3% of small, 4% of medium-sized and 6% of large enterprises:
  • 2% destruction or corruption of data due to hardware or software failures,
  • 2% destruction or corruption of data due to infection of malicious software or unauthorised intrusion.
2% of enterprises experienced disclosure of confidential data: 2% of small and medium-sized, and 4% of large enterprises:
  • 2% disclosure of confidential data due to intrusion, pharming, phishing attack, intentional actions by own employees,
  • 1% disclosure of confidential data due to unintentional actions by own employees.

Tables with the latest data, including by cohesion regions, are available in the SiStat Database.
METHODOLOGICAL NOTE
The published data are estimates derived from the survey on the sample that represents enterprises with 10 or more employees and self-employed persons. An enterprise may consist of several ownership-related legal entities, as long as they operate on the market as one independent enterprise.

Additional explanations are available in the methodological explanations.

The survey is co-funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or Eurostat. Neither the European Union nor the granting authority can be held responsible for them.
When making use of the data and information of the Statistical Office of the Republic of Slovenia, always add: "Source: SURS". More: Copyright.