Berlin There are hardly any companies in Germany that are spared from cyber attacks. This is shown by a study published on Wednesday on behalf of the digital association Bitkom, for which more than 1000 companies from all sectors were representatively surveyed. In the past twelve months, 84 percent of companies were affected by data theft, espionage or sabotage.
Attacks from Russia and China have skyrocketed recently. 43 percent of the affected companies have identified at least one attack from China (2021: 30 percent). 36 percent identified authors in Russia (2021: 23 percent).
Overall, the amount of damage was around 203 billion euros per year – and thus slightly lower than in the record year 2021 with 223 billion euros. In the years 2018/2019 it was only 103 billion euros.
Top jobs of the day
Find the best jobs now and
be notified by email.
Shortly after the start of the Ukraine war, the Federal Office for the Protection of the Constitution significantly tightened its warning of cyber attacks by hackers suspected to be acting on behalf of the Russian military intelligence service. At the time, the Cologne authority called on German companies: “Reduce your communication with branches or business contacts in Russia to a minimum. Keep your communication factual.”
Bitkom President: “Under no circumstances should a ransom be paid”
Digital attacks in particular are worrying the economy. According to this, 39 percent of the companies have experienced in the past twelve months that cyber attacks on them have increased significantly, 45 percent think they have actually increased.
>> Read here: Concern for internal security: the Office for the Protection of the Constitution warns of Russian “false information” about gas shortages
Above all, operators of critical infrastructures are experiencing more and more attacks: 49 percent say the attacks have increased significantly, and 38 percent say they have increased. According to the Bitkom study, concerns about the consequences of a cyber attack are growing: 45 percent of companies believe that cyber attacks can threaten their business existence – a year ago the proportion was just nine percent.
In the case of cyber attacks, attacks on passwords, phishing and infection with malicious software or malware in particular became expensive for companies – one in four companies (25 percent) suffered such damage.
This is followed by so-called DDoS attacks (“Distributed Denial of Service”), in which the attackers try to paralyze servers with a flood of requests (21 percent). Ransomware attacks caused damage in twelve percent of companies, which is a significant decrease after the record year 2021 with 18 percent. In ransomware attacks, hackers encrypt data or lock operating systems and then demand a ransom for decryption.
This year, for example, the Allgäu agricultural machinery manufacturer AGCO/Fendt, based in Marktoberdorf, was exposed to a massive ransomware attack. The entire US AGCO group was affected. According to the company, the attack affected some production facilities worldwide – including in Marktoberdorf.
With regard to ransomware, Berg said: “Attacks can be repelled by technical precautions and employee training.” And those who have up-to-date backups available and draw up an emergency plan can at least significantly reduce the damage of a successful attack.
“Under no circumstances should a ransom be paid,” warned the Bitkom President. “Even then, the victims often do not get their data back in a usable state – and at the same time the perpetrators are motivated to carry out further attacks, and they can also hit the same company again.”
Cyber attacks: Companies expect further increases
A few weeks ago, the IT systems of the chambers of industry and commerce in Germany were also targeted by hackers. The problems caused by this are still not solved. For security reasons, the systems were shut down as a precaution. After testing, they are successively put back into operation.
Even if Germany is not directly affected by cyber attacks, the effects can be felt here too. In a cyber attack against the Viasat satellite service KA-SAT used by the Ukrainian military, the operators of wind turbines in Germany were also affected because the remote maintenance of the wind turbines was carried out via these satellites.
5800 Enercon wind turbines in Germany could no longer be controlled remotely. Many experts rate the danger of such side effects of an attack as higher than a direct attack on German infrastructure.
According to the study, attacks on the economy have shifted further into the digital space. Two-thirds of companies (69 percent) say they have been affected or suspected to have been affected by theft of IT and telecommunications equipment in the past 12 months, an increase of seven percentage points compared to the previous year.
63 percent report the theft of sensitive data (plus three percentage points), 57 percent had digital communication spied on (plus five percentage points) and 55 percent are affected by digital sabotage of systems or operational processes or suspect this (plus three percentage points).
On the other hand, the analog theft of physical documents, records or samples (42 percent, down eight percentage points), tapping of meetings or telephone calls (28 percent, down nine percentage points) and analog sabotage (22 percent, down three percentage points) have declined slightly.
With the war in Ukraine, the cyber threat has increased again.
(Photo: dpa)
According to the study, when digital data is stolen, attackers are increasingly targeting third-party data. 68 percent of the companies affected by this crime state that communication data such as e-mails were stolen (2021: 63 percent). Almost every second (45 percent) had customer data in their sights – after only 31 percent a year ago.
Berg draws the conclusion from the finding that the perpetrators seem to know exactly where they can “hit the hardest”. “If third-party data is stolen, companies face additional damage,” he said. “It ranges from loss of reputation to possible fines from the supervisory authorities.”
Companies expect a further increase in cyber attacks in the next twelve months. According to the study, 42 percent of the companies expect a strong increase, 36 percent a rather strong one.
The operators of critical infrastructure are preparing for even more violent attacks: 51 percent expect a strong, 33 percent a rather strong increase.
Berg advised companies to significantly increase spending on IT security. “The realization of the dramatic consequences a successful attack can have has long been there – but the necessary protection against it is not available for free,” he said. “Here board members and management must take action immediately.”
More: Security experts warn of risks posed by Russian IT specialists