According to a Bitkom study, the damage caused by cybercrime will amount to 267 billion euros in 2023.
Bitkom and the Federal Office for the Protection of the Constitution presented the study “Economic Protection 2024” on Wednesday. According to the study, the economic damage to German companies caused by attacks in the past twelve months amounted to around 267 billion euros, an increase of around 206 billion euros in the same period last year. More than 1,000 companies from all sectors were surveyed, and the Office for the Protection of the Constitution and Bitkom describe the survey as representative.
According to the study, 81 percent of companies have been victims of theft of data and IT equipment, digital and analog industrial espionage or sabotage, and another 10 percent of companies at least suspect this. This also represents an increase from the previous 72 percent and 8 percent respectively. Cyber attacks are responsible for 67 percent of the damage, around 179 billion euros.
Companies that fell victim to such cyber attacks were able to trace the perpetrators to organized crime in 70 percent of cases, up from just 61 percent previously. Foreign intelligence services are now responsible for 20 percent of the attacks, a significant increase from 7 percent previously. 45 percent of the affected companies were able to trace the attacks back to China, while 39 percent had their origin in Russia – here the two countries have swapped places year-on-year. Only 20 percent of the attacks came from Germany, compared to 29 percent in the same period last year.
There is a growing awareness in the economy of the extent of such attacks: around two-thirds of companies (65 percent) see cyber attacks as a threat to their existence, which was the case for only half of companies (52 percent) in the previous year – in 2021, only 9 percent of companies assessed the cyber threat in this way. Just over half of companies (53 percent) believe they are well prepared for cyber attacks.
Digital attacks are increasing, with 74 percent of companies affected by digital espionage of business data – an increase of 4 percentage points. This includes customer data, access data and passwords, intellectual property such as patents and information from research and development or emails. Overall, there was an increase in “classic analogue attacks”. This includes the theft of IT and telecommunications equipment, which affected 62 percent of companies – the figure is slightly declining. However, the theft of physical documents, samples or components increased, as did the eavesdropping on telephone calls or on-site meetings.
Supply chain security is still largely neglected. Only 37 percent of companies said they had an emergency plan in place should suppliers have security incidents. A further 37 percent admitted that the company lacked the necessary security awareness.
Spending on IT security as a share of the IT budget has risen to 17 percent, from 14 percent previously. 39 percent of companies spend 20 percent or more of their IT budget on IT security, which is what the Federal Office for Information Security (BSI) and Bitkom demanded.
Source: Dirk Knop/heise.de