heise PlusAbo
Anzeige

Study: Cyberattacks Hit Stock Prices and Financial Forecasts Hard

A new survey shows drastic financial consequences of cyberattacks: 70 percent of publicly traded companies had to adjust their profit forecasts.

listen Print view
Computer circuit board in blue, red lock, red spider, red skull

(Image: heise medien)

5 min. read
iX Magazin
By
Contents

Cyberattacks have far-reaching financial consequences that extend far beyond immediate technical damage. According to a recent study by data security provider Cohesity, 70 percent of publicly traded companies worldwide had to revise their profit or financial forecasts after a serious cyberattack. 68 percent recorded noticeable impacts on their stock prices.

The study “Risk-Ready or Risk-Exposed: The Cyber Resilience Divide” defines a significant cyberattack as an incident with measurable impacts on finances, reputation, operations, or customer churn. More than half of the companies surveyed (54 percent globally, 52 percent in Germany) experienced at least one such attack in the past twelve months.

German companies are comparatively more robust: only 52 percent of publicly traded firms in Germany had to adjust their financial forecasts, and only 45 percent saw an impact on their stock prices. For non-publicly traded companies, 62 percent in Germany diverted budget from innovation and growth to recovery after attacks—compared to 73 percent globally.

“These results show that German companies are comparatively well-positioned to keep the business impact of a cyberattack small,” explains Patrick Englisch, Director & Head of Technology Sales Central Europe at Cohesity. However, 54 percent of German respondents consider their cyber resilience strategy to be in need of improvement.

High costs and Legal Consequences

The financial damages are considerable: 31 percent of German companies lost between one and ten percent of their annual revenue due to cyberattacks, while globally it was 36 percent. Legal and regulatory consequences such as fines and court proceedings affected 89 percent of German firms—a only slightly better figure than the 92 percent worldwide.

Particularly problematic: Over 80 percent of companies in Germany and worldwide paid ransoms in ransomware attacks last year. More than a third of them even transferred over a million dollars to the extortionists.

Videos by heise

Automation as a Weakness

A critical difference is evident in the automation of attack defense: while 44 percent of attacks worldwide are automatically detected and verified, this figure is only 35 percent in Germany. In Germany, manual verification before a reaction predominates at 42 percent; worldwide, this figure is 37 percent.

Data recovery from backups takes more than a day in the vast majority of companies (Germany: 94 percent, worldwide: 96 percent). In one in ten cases, companies require at least a week for complete data recovery. Accordingly, 63 percent of German respondents demand greater automation in detection, response, and recovery.

The demand for more automation aligns with findings from other recent studies. A study by the industry association eco published in October 2025 had already shown that around 40 percent of German companies use AI-supported systems for anomaly detection and incident response. According to eco, 88 percent of IT security professionals rate the threat landscape as high or very high.

German Caution as a Security Advantage

Interestingly, the often-criticized German reluctance towards new technologies proves to be a security advantage: while 37 percent of respondents worldwide state that GenAI tools are being introduced in their companies significantly faster than they consider safe, this is only the case for 29 percent in Germany. The typically perceived German skepticism thus apparently slows down the overly rapid introduction of tools whose security standards have not yet been sufficiently verified.

Despite the comparatively better figures, Germany is explicitly not spared from the challenges described by the Federal Office for Information Security in its current situation report). State-sponsored attacks and ransomware, in particular, pose ongoing threats.

AI as a Central Tool of the Future

For the future, companies are focusing on artificial intelligence: 41 percent of German respondents expect AI to play a central role in their data security strategy by the end of 2026—worldwide, this figure is 37 percent. Almost all participants foresee a limited use of AI to support human decisions or automate routine tasks. Only one percent intend to use AI solely to fulfill compliance requirements.

“Automation is worthwhile in any case,” emphasizes Englisch. “After all, in Germany and worldwide, over 80 percent of companies paid ransom in connection with ransomware last year—over a third, even more than a million dollars. Every averted attack thus means directly measurable cost savings.”

The study is based on a survey of 3,200 IT and security managers, including 400 from Germany. The survey was conducted in September 2025 by Vanson Bourne on behalf of Cohesity. The respondents represent companies with at least 1,000 employees from the public and private sectors in eleven countries. Details on the results can be found at find at Cohesity.

(fo)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten