Cybersicherheitsmonitor 2026: 11% of Internet Users Victimized by Cybercrime in Germany
Cybersicherheitsmonitor 2026: 11% of German internet users were victims of cybercrime last year; 27% have been affected in their lifetime, BSI and ProPK warn.
Düsseldorf — A new national survey shows cybercrime in Germany remains a pervasive threat, with 11 percent of internet users reporting they were victimized in the past year. The Cybersicherheitsmonitor 2026 (CyMon), published by the Federal Office for Information Security (BSI) together with the Police Criminal Prevention of the Länder and the Federal Government (ProPK), also finds that 27 percent of respondents have experienced digital offences at some point in their lives. The report signals persistent exposure across households and workplaces and renews calls for stepped-up prevention and support measures.
Survey Finds 11 Percent Targeted in Past Year
The CyMon study places last year’s victimization rate at roughly one in nine internet users, a figure highlighted by both federal cyber authorities. That proportion reflects a range of offences reported by respondents and indicates that digital threats continue to reach broad swaths of the population. Officials say the number underscores the need for comprehensive public awareness campaigns and improved first-line defenses.
More Than One in Four Report Lifetime Exposure
Beyond the twelve-month snapshot, the monitor finds cumulative experience with digital crime is substantial: more than one quarter of respondents reported having been affected at least once. This lifetime metric captures a variety of incidents, from fraud and phishing to unauthorized access of accounts, and suggests many Germans have encountered harms that can range from nuisance to significant financial or personal loss. The finding frames cyber resilience as an ongoing societal challenge rather than a series of isolated episodes.
Common Forms of Digital Offences Noted by Respondents
While the report aggregates victimization rates rather than ranking individual offence types, common complaints in similar surveys include phishing, online fraud, identity misuse, and account takeovers. These forms of cybercrime often exploit human vulnerabilities such as trust, inattentiveness, or lack of technical safeguards. Authorities emphasize that technical protections and user education work in tandem to reduce the incidence and impact of such attacks.
Demographics and Use Patterns Linked to Risk
The CyMon data points to uneven exposure across different user groups, reflecting how internet habits and device usage influence risk. Younger users tend to report different types of incidents than older groups, while heavy online activity and use of multiple accounts correlate with higher chances of encountering threats. Regional and socioeconomic factors also shape exposure, prompting calls for targeted interventions that address distinct needs and usage patterns.
Authorities Urge Strengthened Prevention and Reporting
In response to the findings, the BSI and ProPK recommend stepped-up preventive measures, including routine software updates, the use of multi-factor authentication, and stronger password practices. They also call for clearer channels for reporting incidents and faster coordination between law enforcement and cybersecurity agencies. The agencies argue that better public information and easier reporting can both reduce victimization and improve the data authorities use to track trends.
Implications for Businesses and Consumers
For companies, the report reinforces the importance of securing customer-facing systems and training staff to recognize social-engineering attempts that can lead to breaches. Small and medium-sized enterprises are particularly vulnerable when security budgets or expertise are limited, making partnership with external providers or public programs more relevant. Consumers are advised to apply basic cyber hygiene consistently, as small steps often prevent the most common attacks.
The Cybersicherheitsmonitor 2026 serves as a reminder that cybercrime in Germany affects everyday users as well as institutions, and that mitigation requires coordinated action across public and private sectors. The BSI and ProPK’s findings point to persistent exposure and a need for practical, scalable measures that raise baseline security without placing undue burden on citizens.
Public education, improved reporting mechanisms, and stronger technical safeguards form the core of recommended responses, according to authorities. As digital life deepens, the survey suggests policymakers and organizations must maintain focus on reducing risk, supporting victims, and strengthening the nation’s overall cyber resilience.
