Main variables Total G.1 % of enterprises that apply some ICT security measure 55,33 G.1.A % of enterprises with strong password authentication (1) 86,08 G.1.B % of enterprises with biometric authentication (1) 16,63 G.1.C % of enterprises with a combination of at least two authentication mechanisms (1) 17,69 G.1.D % of enterprises with encryption techniques (1) 23,03 G.1.E % of enterprises with data backup in a separate location (1) 75,17 G.1.F % of enterprises with control of network access (1) 36,12 G.1.G % of enterprises with a Virtual Private Network (1) 16,45 G.1.H % of enterprises with an ICT security monitoring system 18,1 G.1.I % of enterprises that maintain log files to analyze security incidents (1) 12,29 G.1.J % of enterprises with an ICT risk assessment (1) 9,86 G.1.K % of enterprises with an ICT security test (1) 12,36 G.2.A % of enterprises with voluntary ICT security training 15,92 G.2.B % of enterprises with obligations training on ICT security 5,38 G.2.C % of enterprises with ICT security obligations by contract 4,32 G.3 % of enterprises with ICT security documentation 7,43 G.4.A % of enterprises with ICT security documentation: reviewed within the last 12 months (2) 65,36 G.4.B % of enterprises with ICT security documentation: reviewed between 12 and 24 months (2) 23,79 G.4.C % of enterprises with ICT security documentation: reviewed more than 24 months ago (2) 10,86 G.5 % of enterprises with a security incident 5,2 G.5.A % of enterprises by type of incident: ICT services unavailable due to hardware or software failure (3) 74,02 G.5.B % of enterprises by type of incident: ICT services not available due to external attack (3) 25,49 G.5.C % of enterprises by type of incident: Destruction or corruption of data due to hardware or software failure (3) 38,41 G.5.D % of enterprises by type of incident: Destruction or corruption of data due to external attack(3) 23,78 G.5.E % of enterprises by type of incident: Disclosure of confidential data due to external intrusions (3) 10,41 G.5.F % of enterprises by type of incident: Disclosure of confidential data due the employees themselves (3) 7,76 G.6.A % of enterprises whose ICT security is handled by the employees themselves 25,04 G.6.B % of enterprises whose ICT security is handled by external providers 26,33 G.7 % of enterprises that have insurance against ICT security incidents 5,6