(de-news.net) – The newly released 2026 Cybersecurity Monitor suggests that cybercrime has become a normalized aspect of everyday digital life in Germany, while cybersecurity awareness among the population remains limited and largely reactive. The representative study, conducted jointly by the Federal Office for Information Security (BSI) and the Police Crime Prevention Program of the federal and state governments, found that 11 percent of respondents had experienced cybercrime within the previous twelve months, while 27 percent reported having been affected at least once overall.
Online shopping fraud remained the most common offense, accounting for 22 percent of reported incidents among victims, followed by unauthorized access to online accounts (14 percent), online banking fraud (13 percent), and phishing attacks (12 percent). Smaller shares of respondents also reported malware infections (7 percent) and ransomware incidents (2 percent).
Although cybercrime exposure increased compared with the previous year, public engagement with digital security continued to be relatively weak. Only 14 percent of respondents stated that they regularly informed themselves about cybersecurity, whereas 40 percent sought information only occasionally and 24 percent never did so. Individuals previously affected by cybercrime displayed somewhat higher levels of awareness: 26 percent of victims reported regularly consulting cybersecurity information, compared with 14 percent among the overall population.
The internet remained the dominant source of cybersecurity information for 62 percent of respondents. Family members, friends, and acquaintances were consulted by 38 percent, while 32 percent relied on social networks, 26 percent on television, and 21 percent on videos or tutorials. Practical emergency guidance represented the most sought-after category of information, cited by 54 percent of respondents, ahead of explanations on recognizing online fraud (50 percent) and preventive protection measures (47 percent). By contrast, only 23 percent expressed interest in technical explanations of how digital technologies function.
The survey also pointed to continuing deficiencies in protective behavior. Among 19 proposed cybersecurity measures, only strong passwords and antivirus software were familiar to more than half of participants, at 55 percent and 54 percent respectively. Actual implementation rates were lower, with 46 percent reporting the use of strong passwords and 40 percent employing antivirus programs. Two-factor authentication was used by 40 percent of respondents, while passwordless login systems such as passkeys were adopted by only 21 percent. Automatic software updates had been activated by 26 percent, and 24 percent stated that they installed updates manually on a regular basis.
On average, respondents were familiar with 6.2 of the 19 security measures but implemented only 3.9. Age differences were pronounced: individuals aged 16 to 22 used an average of 3.4 protective measures, compared with 4.7 among respondents over the age of 69. Nevertheless, 55 percent of participants continued to consider their personal risk of becoming victims of cybercrime to be low or negligible. This perception was especially widespread among the youngest and oldest groups surveyed, where the proportion reached 63 percent and 64 percent respectively.
Victims turn primarily to service providers and police
A strong subjective sense of security represented the most commonly cited reason for not adopting additional safeguards, identified by 27 percent of respondents. Another 23 percent described cybersecurity measures as overly complicated, while an equal share stated that they felt overwhelmed by available options. Conflicting recommendations across different information sources were mentioned by 20 percent.
The impact of cybercrime frequently extended beyond direct financial harm. Among those affected during the previous year, 88 percent reported experiencing some form of damage. Financial losses affected one-third of victims (33 percent), while 29 percent reported diminished trust in online services, 23 percent cited significant time expenditure, 20 percent described emotional strain such as anxiety or humiliation, and 18 percent experienced data loss.
Victims most commonly responded by contacting the operators of affected digital services, a step taken by 35 percent of respondents. Police reports were filed by 32 percent, while 28 percent stated that they had resolved incidents independently. Assistance from relatives or friends was sought by 17 percent, and only 5 percent reported taking no action after experiencing cybercrime.
BSI President Claudia Plattner argued that cybersecurity needed to become more visible, understandable, and accessible in daily life. She maintained that many users sought safer online experiences but lacked practical guidance, while also emphasizing that responsibility for digital security should not rest solely with consumers. Stefanie Hinz similarly stated that cybercrime had become firmly embedded across society and stressed the importance of preventive education, public awareness campaigns, and coordinated law-enforcement action.
As part of their continued cooperation, BSI and ProPK expanded their support services through new emergency checklists addressing identity theft and online shopping fraud, supplementing existing resources covering malware infections, sextortion, and cyberbullying. Conducted between January 6 and January 12, 2026, the survey included 3,060 respondents aged 16 and older across Germany, with demographic weighting applied according to age, gender, educational background, and federal state.
Audio: TTSFree