The Federal Criminal Police Office (BKA) presented its “Cyber Situation Picture 2022” on August 16. At the joint press conference with BKA Vice President Martina Link, Bitkom President Dr. Ralf Wintergerst also made a statement on the topic.
Categories
Tags
Contact info
Silicon Saxony
Marketing, Kommunikation und Öffentlichkeitsarbeit
Manfred-von-Ardenne-Ring 20 F
Fax: +49 351 8925 889
Contact person:
“Cybercrime is a threat to our economy and to our society. It may even currently be one of the biggest threats to Germany. And cybercriminals are not sitting alone in a basement somewhere; cybercrime has long been part of global organized crime and is often closely linked to state actors in countries that are not very friendly to us. A successful cyberattack can paralyze a company’s IT and with it its entire production – for hours, days or weeks. It can affect hospitals, infrastructure, energy grids, and transportation. It can be visible as an attack and it can also infiltrate a company step by step via social engineering in a barely perceptible manner. All industries are affected by this, and it also affects public administrations, public utilities, energy providers or hospitals.
In the run-up to this press conference, we surveyed 603 companies with 20 or more employees in Germany about their experiences and assessments around cybercrime.
Almost every second company – 48 percent – states that a successful cyberattack could threaten its own existence. In case anyone thinks those are exaggerated fears: In June, a hospital in Illinois had to close because it couldn’t claim insurance money for months after a ransomware attack.
In Germany, 63 percent of companies expect to be victims of cyberattacks in the next 12 months. Two out of three companies! One can hardly imagine such a value for “classic” crime such as robbery or extortion. Only 19 percent do not expect an attack and 18 percent do not trust themselves to make an assessment.
If you take a closer look at the two-thirds of companies that expect an attack, it also becomes apparent: 43 percent of them think they will be able to successfully fend off the attack. But a majority of 57 percent anticipate difficulty defending against it. So what needs to be done?
On the one hand, the companies themselves are challenged. Not even half of the companies – namely 48 percent – invest enough in cyber security according to their own assessment. Only 30 percent have taken advantage of information offers from the police to protect against cybercrime. 41 percent even admit: We have slept through the issue of cybercrime so far.
I can only say: it is high time to wake up. Anyone who bears responsibility for a company must ensure that IT security is not the sole preserve of IT departments. IT security belongs in top management. And there, three things should be at the top of the agenda.
First: IT security must be provided with the necessary resources. This money is an investment in the future viability of your own company. We recommend allocating no less than 20 percent of total IT spending to the topic of IT security.
Second: All employees must be trained on the topic of IT security. One of the most important gateways for attackers remains the people in the company – and at the same time they form the first and perhaps best defense against attacks. Such training must not only be carried out once as a matter of duty, it must take place regularly. After all, the attackers’ methods and technologies are also evolving.
And thirdly, every company needs an emergency plan for cyber attacks. It must clearly regulate who does what in an emergency. Once a company becomes the victim of an attack, there is no time to ask these questions for the first time. Especially since the company’s internal communication may not work at first. The faster the response, the better the chances of averting greater damage.
But it’s not just the companies that are challenged, the authorities are too. In our survey, 79 percent of companies believe the police cannot effectively prosecute cybercriminals who operate internationally. 74 percent think the police lack expertise around cybercrime. At the same time, 78 percent want police to make greater use of new technologies such as AI in the fight against cybercrime. 90 percent are in favor of expanding police powers to fight cybercriminals. And 91 percent call for police to be better funded and staffed to fight cybercrime.
So companies say more needs to happen, and that’s right. In very concrete terms, for example, a central, easily available and clear cyber situation picture would help companies. However, a lot has already happened in recent years.
There are central contact points for cybercrime, so-called ZAC, in the state criminal investigation departments. They basically serve as contacts on the subject of cybercrime for companies, associations and authorities. However, they also serve to promote trusting cooperation between these actors and the police. However, it must also be said that political support for ZACs varies widely.
It will be important for the future that we manage an even stronger concentration of responsibilities and expertise. Cybercrime is not oriented around our federal structures. And when it comes to combating it, these sometimes unfortunately prove to be a stumbling block. In addition, we need a greater overall presence of police and law enforcement agencies in cyberspace. They, in turn, need expertise, personnel and technical equipment to do so.
The authorities must do more. Businesses need to do more. And both must do more together.
Bitkom is therefore working in the Cybercrime Security Cooperation with the state criminal investigation departments of North Rhine-Westphalia, Hesse, Baden-Württemberg, Saxony, Lower Saxony and Rhineland-Palatinate. Other partners are of course welcome. There, the focus is on exchanging information about attack methods such as social identity fraud or the tracking of cryptocurrencies, as well as workshops or simulation games to practice responding to a cyber attack.
We are also active in the Alliance for Cyber Security. The alliance now includes a network of over 7,000 participants.
A maximum level of cyber security is crucial for digital sovereignty and the competitiveness of Germany as a location for innovation. Now the task must be to translate this realization into more security in a very practical way, in partnership with the authorities.”
– – – –
👉 www.bitkom.org
👉 Bundeslagebild Cybercrime 2022
Graphic: Bitkom
