More attacks on German companies from China and Russia

Almost every German company was affected by data theft, sabotage, or industrial espionage last year, according to a study recently published by the IT association Bitkom. Bitkom President Wintergerst presented the findings together with the Vice President of the Federal Office for the Protection of the Constitution (BfV). Almost half of those affected were attacked at least once from China or Russia.

Almost three-quarters of the companies surveyed were believed to have been affected by digital sabotage, and almost two-thirds were believed to have had their digital communications spied on and business data stolen. However, the Bitkom study did not only cover digital crime but also the physical theft of documents, samples, or components (41 percent) and the physical sabotage of production systems (22 percent).

Incidents suspected to have originated in China have increased only slightly, but those from Russia have increased significantly. About a quarter of the attacks came from the US, and just under a third were of unknown origin. While just under 30 percent of the crimes were suspected of being committed by foreign intelligence services, organized crime accounted for the majority of offenses at 68 percent.

"The question is not whether companies will be attacked, but when and whether they can successfully fend off these attacks", Bitkom President Wintergert is quoted as saying, adding: "Our defense capability must also become the focus of political attention – also in cyberspace."

Constitutional protection as a whistleblower

According to Vice President Sinan Selen, the Office for the Protection of the Constitution sees its approach as vindicated. It will continue to focus on detecting and preventing attacks by state and state-affiliated actors and expand its activities. According to the Office for the Protection of the Constitution, more than 35 percent of companies now receive information about attackers from authorities – as a result of increased cooperation between the various actors.

For the first time, the amount of damage rose to over 200 billion euros, for example through ransomware, other malware, and distributed denial of service (DDoS) attacks. Damage caused by newer methods such as deepfakes and robocalls does not yet play a major role, but companies report that attacks are increasingly being carried out with the help of AI (artificial intelligence). Not only the amount of damage, but also the budget for IT security is increasing, albeit only slightly. Instead of 17 percent in the previous year, the share of the security budget in companies' IT budgets is now 18 percent.

The study is based on a survey conducted by Bitkom's own market researchers, in which 1,002 companies with an annual turnover of at least €1 million and 10 or more employees were surveyed in the first half of the year. Bitkom states that the survey is representative.

(cku)