Email accounts as targets of cyberattacks: findings from a survey on account security in Germany Created byDörte Stahl|Updated12 April 2026A survey by the German Sicher Handeln initiative (act safe initiative, ISH) shows that whilst many internet users consider the security of their online accounts to be important, they do not consistently implement protective measures. Email accounts are a particular focus here, as they play a central role in digital identity. Safety Awareness and BehaviorAlmost nine out of ten respondents in Germany are at least occasionally concerned about the security of their user accounts. Just 11% are completely careless with their digital access credentials. Nevertheless, there is a discrepancy between knowledge and action. Some internet users continue to use insecure passwords or do not take additional protective measures. Differences are also observed from one age group to another: for instance, 16% of 18- to 24-year-olds state they pay little attention to the issue of account security. Among those aged over 55, this figure is just 8%.One reason for the discrepancy between security awareness and behaviour is the belief that one’s own accounts are of no interest to cybercriminals. This overlooks the fact that every account is profitable for hackers.Email accounts as a central point of accessThe survey shows that email accounts are often inadequately secured. For instance, 17% of respondents reuse their email password, and only 15% use a password manager. Multi-factor authentication is used by just 13%, while passkeys - by 8% of those surveyed.However, email accounts are particularly relevant to cybercriminals. They can be used to reset passwords and take over other accounts, which is why they serve as a gateway to further online services. As a result, in the event of a successful attack, the entire digital identity can be compromised. Attackers can gain access to other services via email and misuse them. These include online shopping services and social networks. Social media profiles can also be taken over to interact with other users under a false identity. Furthermore, attacks on email accounts often go undetected for a long time. Criminals can, for example, set up redirects or access other linked services without those affected noticing immediately.Online banking, by contrast, is considered more sensitive by 37% of users and is therefore protected more rigorously. Security measures such as multi-factor authentication are used more frequently here than for email accounts. Furthermore, banks have stronger security measures in place than email providers.Measures to improve securityVarious measures are recommended to improve account security. These include using unique and strong passwords, employing multi-factor authentication, and using password managers.The initiative also recommends the so-called SHS rule:Stop: Check unusual situations before taking action;Question: Critically question requests;Protect: Report suspicious cases and inform others;Background of the surveyThe results are based on a representative online survey of 2,126 people aged 18 and over in Germany, conducted by the opinion research institute YouGov on behalf of the ‘Initiative Sicher Handeln’. 'Sicher Handeln' is a joint initiative of the police crime prevention departments of the federal states and the federal government, the German Forum for Crime Prevention Foundation, Deutschland sicher im Netz e. V., and the companies RISK IDENT and Kleinanzeigen.© Image credits: Sicher HandelnNews detailsWebsite linkEmail accounts as a target of cyberattacks: Results of an account security surveyDigital technology / specialisationCybersecurityDigital skill levelIntermediateBasicGeographic scope - CountryGermanyShow lessGeographical sphereNational initiative Share this page Log in to comment
