Main variables	Total
H.1 % of enterprises that apply some ICT security measure (0)	58,7
H.1.A % of enterprises that apply strong password authentication as an ICT security measure (1)	85,21
H.1.B % of enterprises that apply authentication using biometric methods as an ICT security measure (1)	21,56
H.1.C % of enterprises applying authentication based on a combination of at least two authentication mechanisms as an ICT security measure (1)	23,44
H.1.D % of enterprises that apply encryption of data, documents or emails as an ICT security measure (1)	26,53
H.1.E % of enterprises that apply data backup in a separate location as an ICT security measure (1)	72,47
H.1.F % of enterprises applying network access control as an ICT security measure (1)	35,34
H.1.G % of enterprises applying VPN as an ICT security measure (1)	18,25
H.1.H % of enterprises that apply an ICT security monitoring system that allows suspicious activity to be detected as an ICT security measure (1)	15,21
H.1.I % of enterprises that implement log file maintenance that allows analysis after ICT security incidents as an ICT security measure (1)	12,54
H.1.J % of enterprises that implement an ICT risk assessment as an ICT security measure (1)	9,54
H.1.K % of enterprises that perform ICT security testing as an ICT security measure (1)	11,15
H.2 % of enterprises that make their employees aware of their ICT security obligations (1)	38,47
H.2.A % of enterprises offering voluntary training or providing internally available information to make their employees aware of their ICT security obligations (2)	79,28
H.2.B % of enterprises that require mandatory training courses or viewing of material for their employees to make them aware of their ICT security obligations (2)	34,31
H.2.C % of enterprises that contractually make their employees aware of their ICT security obligations (2)	25,63
H.3 % of enterprises that have documents on ICT security measures, practices or procedures (0)	8,05
H.4.A % of enterprises that defined or carried out the latest review of their documents on ICT security measures, practices or procedures in the last 12 months (3)	66,04
H.4.B % of enterprises that defined or last reviewed their documents on ICT security measures, practices or procedures more than 12 months ago and up to 24 months ago (3)	21,23
H.4.C % of enterprises that defined or carried out the latest review of their documents on ICT security measures, practices or procedures more than 24 months ago (3)	12,73
H.5 % of enterprises that have experienced an ICT security incident (0)	4,57
H.5.A % of enterprises that, after experiencing an ICT security incident, suffered a resulting lack of availability of ICT services due to hardware or software failures (4)	67,04
H.5.B % of enterprises that, after experiencing an ICT security incident, suffered a resulting lack of availability of ICT services due to an attack from outside (4)	18,85
H.5.C % of enterprises that, after experiencing an ICT security incident, this resulted in the destruction or corruption of data due to hardware or software failures (4)	28,79
H.5.D % of enterprises that, after experiencing an ICT security incident, this resulted in the destruction or corruption of data due to malware infection or unauthorised intrusion (4)	13
H.5.E % of enterprises that, after experiencing an ICT security incident, this resulted in the disclosure of confidential data due to intrusions, pharming, phishing or intentional actions of the employees themselves (4)	8,94
H.5.F % of enterprises that, after experiencing an ICT security incident, this resulted in the disclosure of confidential data due to the involuntary actions of the employees themselves (4)	5,12