Data theft, espionage or sabotage – companies in Germany are facing a growing number of attacks. Eight out of ten companies were affected by them last year. This was the result of a study by the IT industry association Bitkom. “The damage is rising to a new record of 267 billion euros,” explains Bitkom President Ralf Wintergerst. The sum is more than 40 billion euros above the previous peak from 2021. “You can see from this how tough the game is today,” he says. The survey questioned a good 1,000 companies with more than ten employees and a turnover of at least one million euros.
Attacks mainly from two countries
The attacks come from both within Germany and abroad. When tracing the attacks via the Internet, two countries in particular are being targeted by investigators. 45 percent of companies say they have identified attacks from China, 30 percent have located the perpetrators in Russia. The association admits, however, that reliable tracing to certain regions is only possible to a limited extent due to the many ways in which traces can be concealed on the Internet. Only one in five attacks came from Germany. The proportion of domestic perpetrators has therefore fallen significantly.
The greatest damage is caused by failure, theft or damage to information and production systems. Companies estimate the costs at almost 55 billion euros. Legal disputes, loss of sales due to plagiarism or costs for investigating the incidents are other major items in the damage report. The perpetrators work both analogue and digitally. Six out of ten companies complain of theft, for example of IT equipment, machines or documents. Digital crimes are becoming more common. Business data is stolen, information and operational processes are sabotaged or communication within companies is spied on. “The threat to the German economy is increasing,” warns Wintergerst.
Gateway often via supply chains
Bitkom sees a particular danger in the growing number of cyber attacks. Two thirds of companies see this as an existential threat. Only one in two companies feels well prepared for it. The perpetrators are looking for weak points in IT in order to penetrate companies. They are increasingly targeting the supply chain in order to reach the actual victim. One in four respondents stated that suppliers had been affected by data theft or espionage. If these companies have lower security standards, cyber intrusion becomes child’s play for the criminals.
However, businesses are now investing significantly more in cyber security. According to the survey, they spend 17 percent of their IT budget on this. Two years ago, it was just nine percent. However, Bitkom experts recommend investing at least 20 percent in self-protection. There is also room for improvement in cooperation with government agencies. “Companies only get in touch when a situation can no longer be controlled,” observes the Vice President of the Federal Office for the Protection of the Constitution (BfV), Sinan Selen. According to Selen, the survey results confirmed the office’s assessment of the situation.
“Industrialization in cyber espionage”
The perpetrators are also becoming more systematic. “We are seeing a kind of industrialization in cyber espionage,” says Selen. Seven out of ten companies suspect organized crime is behind the attacks. One in five respondents sees competitors at work. Secret services have become much more active. Their share of attacks rose from seven to 20 percent last year. “The line between criminal and state actors is becoming increasingly blurred,” observes the BfV vice president. In countries like China and Russia in particular, the two appear to be working more closely together.
The Federal Office for the Protection of the Constitution sees itself as a service provider for protecting the economy. But the Federal Office for Information Security (BSI) also cooperates with companies, for example, issuing warnings about irregularities in data exchange. However, the main burden is borne by the companies themselves. However, they are partly dependent on private cybersecurity companies from abroad. Bitkom and the BfV would like to see stronger domestic security services here. “We must also achieve national resilience in the economy,” demands Selen.