220 billion euros in damage from ransomware and other cyber attacks
88 percent of companies in Germany were affected by data theft, espionage or sabotage in 2020 and 2021. In particular, cases in which information and production systems are paralyzed by blackmailers have increased sharply, according to a survey by the IT industry association Bitkom. 1067 companies with 10 or more employees were surveyed.
Overall, at around 220 billion euros per year, the amount of damage was most recently more than twice as high as in 2018 and 2019. At that time, the damage per year was 103 billion euros.
In 2020/2021, malware caused damage in 31 percent of the companies surveyed. DDoS attacks affected 27 percent. Spoofing, the false identity, and phishing, the interception of personal information, caused damage in 20 and 18 percent of companies, respectively. The number of spoofing attempts rose particularly sharply. It grew by 12 percentage points compared to 2018/2019. The number of DDoS attacks increased by 9 percentage points.
As the executives surveyed for the Business Protection 2021 study (PDF) reported, there have been IT security incidents in 59 percent of companies in which home office is generally possible since the beginning of the pandemic. 9 percent of companies threaten their business livelihoods with cyber attacks. 24 percent of the companies have significantly increased their investments in IT security in response to the increased threat situation. 39 percent of the companies spent a little more money on it.
In addition to employees who intentionally or unintentionally cause damage, according to the companies, hobby attackers are behind the attacks in 40 percent of the cases. At the same time, the proportion of attacks that can be assigned to the area of organized crime continued to rise. According to the information, it is already 29 percent.
Companies see attacks with ransomware as the greatest risk. 96 percent consider such attacks to be threatening. 95 percent of companies fear exploiting new security gaps (zero-day vulnerabilities). Spyware attacks (83 percent), attacks with quantum computers (79 percent) and with backdoors (78 percent) are also seen as threatening by the economy.
43 percent of those questioned stated that attacks on the IT in their company came from Germany. 37 percent came from Eastern Europe, 30 percent from China, 23 percent from Russia and 16 percent from the USA.
More threats expected
The prevailing opinion in the German economy is that the threat from cyber attacks will become even more serious in the coming months: 83 percent of companies fear that the number of attacks will increase by the end of this year, 45 percent expect a strong increase. Operators of critical infrastructures see themselves particularly threatened – 52 percent expect a sharp increase in attacks on their company – and medium-sized companies with 100 to 499 employees (50 percent expect a sharp increase).
The study makes it clear how important a resilient economy is for Germany as a business location, said the Vice President of the Federal Office for the Protection of the Constitution, Sinan Selen. The authorities and business can only counter the threats posed by espionage and sabotage through intensive cooperation.