At the same time, 70 percent of companies that were victims were able to attribute attacks to organized crime. A year ago, this figure was only 61 percent. Foreign intelligence services were named as the perpetrators much more frequently, at 20 percent (2023: 7 percent). China has become the most important source of attacks on the German economy. 45% of affected companies were able to trace at least one attack back to the country (2023: 42%). Russia is in second place with 39% (2023: 46%). At the same time, attacks from Eastern European countries outside the EU and Russia increased to 32% (2023: 25%). In contrast, attacks from Germany are on the decline (20 percent, 2023: 29 percent).
“The threat situation for the German economy is intensifying. Companies must continue to ramp up their protective measures. This applies to both digital and traditional attacks, such as eavesdropping on meetings or the theft of physical documents,” says Bitkom President Dr. Ralf Wintergerst. However, cyber attacks pose a particular threat to the economy. Two thirds (65%) of companies now believe their existence is threatened by cyberattacks, compared to 52% a year ago and just 9% in 2021. At the same time, only half (53%) believe that their company is very well prepared for cyberattacks. “IT security is particularly important in a digital, networked world. IT security must be the responsibility of company management everywhere. At the same time, we need to expand the exchange between business and state authorities even further in order to coordinate protective measures and law enforcement.”
The Vice President of the Federal Office for the Protection of the Constitution, Sinan Selen, said at the presentation of the study: “The study results correspond with our assessment of the situation. International conflicts and systemic rivalries characterize the security situation in cyberspace as well as in geopolitical space. An advance towards bloc formation is reflected in political and operational attitudes. We must take a holistic view of economic and scientific exchange in this overall situation. The attack vectors on the German economy have shifted. The interlinking of cyber espionage and cybercrime has increased further. And we are also seeing an even closer connection between digital and analog attacks. Attackers are pursuing the goal of opening the door to classic espionage activities through precisely tailored social engineering. At the same time, the threat of digital and physical sabotage continues to grow. We are concerned about the sharp rise in analog attacks, including sabotage of operational processes and systems.
Since our adversaries operate holistically, commercial enterprises and security authorities must also act holistically. We cannot look at digital and physical security in isolation. A holistic approach must also consider the security of supply chains. Cyber actors have the entire supply chain in mind, while companies often neglect it. We see a considerable need for improvement here. Awareness and readiness are increasing, but we have not yet reached our goal. We need to reduce naivety and replace it with awareness. We must be clear: We are only powerless if we do not cooperate and find joint solutions. We are resilient if we learn about attacks on companies quickly – only then can we act and advise.”
Attacks on the economy are predominantly digital, but analog attacks are also on the rise
After a clear trend towards digital attacks on the German economy was already evident last year, digital attacks have increased again in 2024. At the same time, traditional analog attacks are also on the rise. For example, 74% of companies were affected or probably affected by digital spying on business data, an increase of 4 percentage points compared to the previous year. The companies affected by data theft are significantly more likely to report that customer data (62%, up 6 percentage points), access data or passwords (35%, up 12 percentage points) and intellectual property such as patents and information from research and development (26%, up 9 percentage points) have been stolen. General communication data such as emails continue to be the most frequently affected (63%, up 1 percentage point). Financial data (19%, down 1 percentage point) and employee data (16%, down 17 percentage points) are less frequently affected. 70 percent of companies report digital sabotage of systems or operating processes (up 7 percentage points), while 60 percent report spying on digital communication, such as emails, messengers or video calls (down 1 percentage point).
Most classic analog attacks have increased significantly. The theft of IT and telecommunications devices, which affected or was likely to affect 62%, fell slightly by 5 percentage points. However, there was an increase of 15 percentage points to 50 percent in the theft of physical documents, samples or components, for example, and an increase of 13 percentage points to 30 percent in the interception of telephone calls or on-site meetings. Physical sabotage of systems or processes has also increased – by 9 percentage points to 26%. “If a video call is encrypted and virtually unassailable, the bug in the hotel room can be the means of choice,” says Wintergerst. “Companies need to think about and implement digital and analog security together, and this also applies to protecting IT systems against physical sabotage, for example.”
Many companies neglect the supply chain
An increasingly complex supply chain is also a potential gateway for attackers. 13 percent of all companies know that suppliers have been victims of data theft, industrial espionage or sabotage in the past twelve months, a further 13 percent have suspected it and 21 percent cannot say. In 44% of companies where suppliers were affected or suspected of being affected, the attacks on suppliers had an impact on their own company, such as production downtime, supply bottlenecks or reputational damage. For 40 percent, there were no consequences, 16 percent do not know or do not provide any information. At the same time, only 37% of companies that work with suppliers say that they have an emergency plan in place for how they react to security incidents in the supply chain. 33% are in close contact with suppliers to minimize the risk of attacks in the supply chain. And 19 percent even conduct regular security assessments with suppliers to minimize the risk of attacks. 37% admit that their own company lacks awareness of the risks of attacks on the supply chain, while 13% are concerned that suppliers do not adhere to the same security standards as their own company and could therefore become a gateway for attackers. “Security measures, and IT security measures in particular, are only as good as the weakest link in the chain. Companies should therefore definitely take their entire supply chain into account,” says Bitkom President Wintergerst.
Cyberattacks are on the rise – and account for the majority of damage
The majority (80 percent) of companies have seen an increase in cyberattacks over the past twelve months, with just 2 percent seeing a decrease. And for the next twelve months, 90 percent even expect more cyberattacks, while the remaining 10 percent expect the level to remain unchanged. Cyberattacks are currently responsible for two thirds (67%) of the total damage caused to the German economy by data theft, sabotage and industrial espionage: the damage caused by cybercrime amounted to 178.6 billion euros. This is around 30 billion euros more than in the previous year (2023: 148.2 billion euros).
Companies most frequently report damage caused by ransomware (31%, up 8 percentage points), followed by phishing attacks (26%, down 5 percentage points), attacks on passwords (24%, down 5 percentage points) and infection with malware (21%, down 7%). Distributed denial of service attacks, which paralyze web servers, for example, also frequently cause damage (18%, up 6 percentage points). “Will my company fall victim to cybercrime? – It’s not a question of if, it’s just a question of when and how. Good protection is important, and this also includes measures to keep damage to a minimum, such as regular backups,” says Wintergerst.
Damage caused by new attack methods such as deep fakes and robo calls (3% each), which are becoming easier due to the spread of artificial intelligence, is still rather rare. Companies see both risks and opportunities for IT security in AI. For example, 83% say that AI exacerbates the threat situation for the economy and 70% believe that AI facilitates cyber attacks. However, 61 percent also say that the use of AI can significantly improve IT security.
Significant increase in spending on IT security
Three quarters (75 percent) of companies complain that security authorities are powerless against cyberattacks from abroad. At the same time, 69 percent believe that the threat to their own company from cyber attacks has increased as a result of the numerous wars and conflicts.
Companies are responding to the increasingly insecure global situation by increasing their spending on IT security. 54 percent have taken measures to protect themselves against physical attacks on their IT infrastructure. And 62 percent have tightened their IT security measures. The average proportion of companies’ total IT budgets spent on IT security has risen to 17% this year. In 2023, it was still 14%, and in 2022 only 9%. Four out of ten companies (39%) now spend 20% or more of their IT budget on IT security, in line with a demand from Bitkom and the German Federal Office for Information Security (BSI). A further 38 percent spend 10 to less than 20 percent, 9 percent only 5 to less than 10 percent and 5 percent even less than 5 percent. “We are approaching the target value for average expenditure on IT security. It is important that investment in IT security is maintained at a high level in the long term. Cyber criminals are moving targets and we need to keep at it!” says Wintergerst.
IT security as a question of digital sovereignty
In the business world, IT security is increasingly being viewed as a question of digital sovereignty. For example, 54 percent criticize the fact that politicians in Germany neglect IT security in an international comparison, 76 percent complain that public administration is much less secure against cyber attacks than the German economy. And 72 percent would like German IT security companies to receive targeted support from politicians. 71 percent pay particular attention to the provider’s country of origin when purchasing IT security solutions. “IT security is not a state, IT security is a process and we must actively pursue it. Protection against cyber attacks should be at the heart of a strategy for a secure and digitally sovereign Germany,” says Wintergerst.