Economic activity cluster	Main variables	Total
Total Enterprises	H.1 % of enterprises that apply some ICT security measure	56.96
Total Enterprises	H.1.A % of enterprises with strong password authentication (1)	37.73
Total Enterprises	H.1.B % of enterprises that maintain software updated (1)	51.22
Total Enterprises	H.1.C % of enterprises with biometric authentication (1)	8.33
Total Enterprises	H.1.D % of enterprises with encryption techniques (1)	14.76
Total Enterprises	H.1.E % of enterprises with data backup in a separate location (1)	42.40
Total Enterprises	H.1.F % of enterprises with control of network access (1)	26.15
Total Enterprises	H.1.G % of enterprises with a Virtual Private Network (1)	7.71
Total Enterprises	H.1.H % of enterprises that maintain log files to analyze security incidents (1)	11.29
Total Enterprises	H.1.I % of enterprises with an ICT risk assessment (1)	7.68
Total Enterprises	H.1.J % of enterprises with an ICT security test (1)	8.75
Total Enterprises	H.2.A % of enterprises with voluntary ICT security training	17.22
Total Enterprises	H.2.B % of enterprises with obligations training on ICT security	6.40
Total Enterprises	H.2.C % of enterprises with ICT security obligations by contract	5.64
Total Enterprises	H.3.A % of enterprises whose ICT security is handled by the employees themselves	26.66
Total Enterprises	H.3.B % of enterprises whose ICT security is handled by external providers	27.57
Total Enterprises	H.4 % of enterprises with ICT security documentation	10.32
Total Enterprises	H.5.A % of enterprises with ICT security documentation: Management of ICT access rights (2)	78.46
Total Enterprises	H.5.B % of enterprises with ICT security documentation: Storage, protection, access or processing of data (2)	86.52
Total Enterprises	H.5.C % of enterprises with ICT security documentation: Procedures to prevent or handle ICT incidents (2)	55.61
Total Enterprises	H.5.D % of enterprises with ICT security documentation: Responsibilities, rights and duties of employees in the ICT field (2)	76.77
Total Enterprises	H.5.E % of enterprises with ICT security documentation: Training of employees in the secure use of ICT (2)	50.23
Total Enterprises	H.6.A % of enterprises with ICT security documentation: within the last 12 months (2)	74.26
Total Enterprises	H.6.B % of enterprises with ICT security documentation: between 12 and 24 months (2)	13.21
Total Enterprises	H.6.C % of enterprises with ICT security documentation: more than 24 months ago (2)	12.53
Total Enterprises	H.7.A % of enterprises by type of incident in 2018: ICT services unavailable	1.62
Total Enterprises	H.7.B % of enterprises by type of incident in 2018: Destruction or corruption of data	1.93
Total Enterprises	H.7.C % of enterprises by type of incident in 2018: Disclosure of confidential data	0.28
Total Enterprises	H.8 % of enterprises that have insurance against ICT security incidents	5.73
Industry	H.1 % of enterprises that apply some ICT security measure	53.77
Industry	H.1.A % of enterprises with strong password authentication (1)	33.15
Industry	H.1.B % of enterprises that maintain software updated (1)	47.97
Industry	H.1.C % of enterprises with biometric authentication (1)	5.59
Industry	H.1.D % of enterprises with encryption techniques (1)	11.71
Industry	H.1.E % of enterprises with data backup in a separate location (1)	36.84
Industry	H.1.F % of enterprises with control of network access (1)	22.15
Industry	H.1.G % of enterprises with a Virtual Private Network (1)	4.68
Industry	H.1.H % of enterprises that maintain log files to analyze security incidents (1)	6.82
Industry	H.1.I % of enterprises with an ICT risk assessment (1)	4.49
Industry	H.1.J % of enterprises with an ICT security test (1)	5.03
Industry	H.2.A % of enterprises with voluntary ICT security training	12.41
Industry	H.2.B % of enterprises with obligations training on ICT security	5.65
Industry	H.2.C % of enterprises with ICT security obligations by contract	4.47
Industry	H.3.A % of enterprises whose ICT security is handled by the employees themselves	22.14
Industry	H.3.B % of enterprises whose ICT security is handled by external providers	29.54
Industry	H.4 % of enterprises with ICT security documentation	7.17
Industry	H.5.A % of enterprises with ICT security documentation: Management of ICT access rights (2)	71.77
Industry	H.5.B % of enterprises with ICT security documentation: Storage, protection, access or processing of data (2)	83.44
Industry	H.5.C % of enterprises with ICT security documentation: Procedures to prevent or handle ICT incidents (2)	53.77
Industry	H.5.D % of enterprises with ICT security documentation: Responsibilities, rights and duties of employees in the ICT field (2)	73.87
Industry	H.5.E % of enterprises with ICT security documentation: Training of employees in the secure use of ICT (2)	52.50
Industry	H.6.A % of enterprises with ICT security documentation: within the last 12 months (2)	81.24
Industry	H.6.B % of enterprises with ICT security documentation: between 12 and 24 months (2)	9.84
Industry	H.6.C % of enterprises with ICT security documentation: more than 24 months ago (2)	8.92
Industry	H.7.A % of enterprises by type of incident in 2018: ICT services unavailable	0.95
Industry	H.7.B % of enterprises by type of incident in 2018: Destruction or corruption of data	1.97
Industry	H.7.C % of enterprises by type of incident in 2018: Disclosure of confidential data	0.53
Industry	H.8 % of enterprises that have insurance against ICT security incidents	3.64
Construction	H.1 % of enterprises that apply some ICT security measure	44.57
Construction	H.1.A % of enterprises with strong password authentication (1)	29.63
Construction	H.1.B % of enterprises that maintain software updated (1)	36.53
Construction	H.1.C % of enterprises with biometric authentication (1)	7.18
Construction	H.1.D % of enterprises with encryption techniques (1)	7.60
Construction	H.1.E % of enterprises with data backup in a separate location (1)	28.81
Construction	H.1.F % of enterprises with control of network access (1)	14.18
Construction	H.1.G % of enterprises with a Virtual Private Network (1)	5.02
Construction	H.1.H % of enterprises that maintain log files to analyze security incidents (1)	5.97
Construction	H.1.I % of enterprises with an ICT risk assessment (1)	4.90
Construction	H.1.J % of enterprises with an ICT security test (1)	6.40
Construction	H.2.A % of enterprises with voluntary ICT security training	9.33
Construction	H.2.B % of enterprises with obligations training on ICT security	6.08
Construction	H.2.C % of enterprises with ICT security obligations by contract	5.87
Construction	H.3.A % of enterprises whose ICT security is handled by the employees themselves	17.33
Construction	H.3.B % of enterprises whose ICT security is handled by external providers	22.14
Construction	H.4 % of enterprises with ICT security documentation	6.58
Construction	H.5.A % of enterprises with ICT security documentation: Management of ICT access rights (2)	69.94
Construction	H.5.B % of enterprises with ICT security documentation: Storage, protection, access or processing of data (2)	77.73
Construction	H.5.C % of enterprises with ICT security documentation: Procedures to prevent or handle ICT incidents (2)	44.76
Construction	H.5.D % of enterprises with ICT security documentation: Responsibilities, rights and duties of employees in the ICT field (2)	63.76
Construction	H.5.E % of enterprises with ICT security documentation: Training of employees in the secure use of ICT (2)	40.03
Construction	H.6.A % of enterprises with ICT security documentation: within the last 12 months (2)	60.61
Construction	H.6.B % of enterprises with ICT security documentation: between 12 and 24 months (2)	7.91
Construction	H.6.C % of enterprises with ICT security documentation: more than 24 months ago (2)	31.49
Construction	H.7.A % of enterprises by type of incident in 2018: ICT services unavailable	1.56
Construction	H.7.B % of enterprises by type of incident in 2018: Destruction or corruption of data	1.67
Construction	H.7.C % of enterprises by type of incident in 2018: Disclosure of confidential data	0.12
Construction	H.8 % of enterprises that have insurance against ICT security incidents	2.32
Services	H.1 % of enterprises that apply some ICT security measure	60.11
Services	H.1.A % of enterprises with strong password authentication (1)	40.05
Services	H.1.B % of enterprises that maintain software updated (1)	54.90
Services	H.1.C % of enterprises with biometric authentication (1)	8.88
Services	H.1.D % of enterprises with encryption techniques (1)	16.70
Services	H.1.E % of enterprises with data backup in a separate location (1)	46.06
Services	H.1.F % of enterprises with control of network access (1)	29.28
Services	H.1.G % of enterprises with a Virtual Private Network (1)	8.63
Services	H.1.H % of enterprises that maintain log files to analyze security incidents (1)	12.96
Services	H.1.I % of enterprises with an ICT risk assessment (1)	8.64
Services	H.1.J % of enterprises with an ICT security test (1)	9.67
Services	H.2.A % of enterprises with voluntary ICT security training	19.51
Services	H.2.B % of enterprises with obligations training on ICT security	6.55
Services	H.2.C % of enterprises with ICT security obligations by contract	5.71
Services	H.3.A % of enterprises whose ICT security is handled by the employees themselves	29.25
Services	H.3.B % of enterprises whose ICT security is handled by external providers	28.61
Services	H.4 % of enterprises with ICT security documentation	11.50
Services	H.5.A % of enterprises with ICT security documentation: Management of ICT access rights (2)	79.99
Services	H.5.B % of enterprises with ICT security documentation: Storage, protection, access or processing of data (2)	87.86
Services	H.5.C % of enterprises with ICT security documentation: Procedures to prevent or handle ICT incidents (2)	57.14
Services	H.5.D % of enterprises with ICT security documentation: Responsibilities, rights and duties of employees in the ICT field (2)	78.65
Services	H.5.E % of enterprises with ICT security documentation: Training of employees in the secure use of ICT (2)	51.41
Services	H.6.A % of enterprises with ICT security documentation: within the last 12 months (2)	75.58
Services	H.6.B % of enterprises with ICT security documentation: between 12 and 24 months (2)	14.11
Services	H.6.C % of enterprises with ICT security documentation: more than 24 months ago (2)	10.30
Services	H.7.A % of enterprises by type of incident in 2018: ICT services unavailable	1.71
Services	H.7.B % of enterprises by type of incident in 2018: Destruction or corruption of data	1.99
Services	H.7.C % of enterprises by type of incident in 2018: Disclosure of confidential data	0.29
Services	H.8 % of enterprises that have insurance against ICT security incidents	6.72