The number of cyberattacks in Germany has risen just as dramatically in recent years as the total damage they have caused, according to a study by industry association Bitkom. According to the study, this figure was recently around 220 billion euros per year. In 2020 and 2021, 88 percent of companies based in Germany were affected. A total of 1067 companies were surveyed.
Cyber attacks are no longer a marginal phenomenon
The fact that the significance of cyberattacks has increased significantly in a short period of time becomes particularly clear when the figures for 2020/2021 are contrasted with those for 2018/2019: while the average annual damage for 2018/2019 was still 103 billion euros, it is more than twice as high in 2020/2021.
Of the 1067 companies surveyed, 31 percent said they had been affected by malware, while 27 percent went on record as having been affected by DDoS attacks. Spoofing and phishing were also relevant malicious factors, with prevalences of twenty and eighteen percent respectively. The fact that the attacks do not remain without consequences is not only revealed by the damage sum, but also by the statement that nine percent of the companies surveyed see their existence threatened by the attacks.
Security spending on the rise
The mood in German business is correspondingly alarmed: 83 percent of companies said they feared the number of attacks would increase by the end of the year. 45 percent even expect a sharp increase. In response to the assumed and/or actual threat situation, IT security has been focused on in many places. For example, 24 percent of companies have increased their spending in this area significantly and 39 percent at least a little.
Critical infrastructure companies and mid-sized companies with between 100 and 499 employees are particularly at risk. Here, 52 and 50 percent of companies, respectively, see a sharp increase in cyberattacks looming.
Attacks are said to originate mainly from Germany, Eastern Europe and China
According to the information provided by the companies concerned, most of the attacks detected originated in Germany. In addition, Eastern Europe (including Russia) and China were cited as frequent sources of the attacks. EU countries other than Germany and African, South American and Asian countries other than Russia and China, on the other hand, do not play a relevant role according to the companies.
In addition, it is striking that the companies hold both their own employees and amateur attackers as well as organized crime largely responsible for the damage caused.
Snapshot of a mood
The extent to which the survey is representative and the information is consistent is unclear. What is important, however, is that it is primarily a snapshot of mood and assessment. The survey therefore reveals less an actual cross-section of the factual situation than an insight into the assessments of companies based in Germany. This, in turn, is clear: cybercrime has now become a matter of awareness, is perceived as a relevant threat and is increasingly leading to preventive measures.