Internet outage: One-fifth of companies had to shut down operations immediately

Contents

According to a survey by the industry association Bitkom, German companies are poorly equipped against hybrid threats that encompass both analog and digital attacks. In the event of an internet outage, the surveyed companies could maintain their business operations for an average of only 20 hours, with one in five (21 percent) having to cease operations immediately. Only 8 percent are confident they can continue working for more than 48 hours. 83 percent expect a serious crisis in Germany as a result of hybrid attacks, such as sabotaging the power grid or introducing ransomware.

“Hybrid attacks on Germany, which play out in a gray area between war and peace, are not a potential risk; they are a reality. Therefore, we must massively ramp up the resilience of the economy, state, and society,” said Bitkom President Dr. Ralf Wintergerst. 73 percent of companies see Germany as inadequately positioned in international comparison.

40 percent not prepared at all

At the same time, most companies do not see themselves as well-positioned. According to Bitkom, 40 percent stated they were not prepared at all, 38 percent rather poorly, 12 at least well, and none saw themselves as very well-equipped. However, 35 percent intend to make preparations. With 59 percent, the majority considers it likely that they themselves will become targets of hybrid attacks. In 61 percent of companies, protection is a top priority for management.

As a preparatory measure, 58 percent already have alternative communication channels, and 27 percent are planning to do so. Furthermore, 57 percent have made backups of their data and also conducted successful recovery tests. 15 percent are planning something similar. In 51 percent, there are alternative workplaces or home office arrangements in case work at the company is no longer possible. 20 percent have an emergency power supply, and 30 percent plan to set one up. Only one in ten companies regularly conducts crisis exercises.

Data lines no longer in the land register

According to companies, energy supply (90 percent), banks and insurance companies (89 percent), and water and wastewater supply (77 percent) are considered particularly at risk. 64 percent classified telecommunications and IT as endangered. Successful attacks on energy supply (97 percent), banks and insurance companies (88 percent), and telecommunications and IT (85 percent) would have significant impacts on their companies.

Bitkom President Wintergerst calls for not making it unnecessarily easy for attackers: “We should refrain from publicly listing data lines in the Gigabit land register, as this represents an additional risk for sabotage. In the area of critical infrastructures, we need data minimization and a strict security and access concept.”

Politics should fix it

Companies expect more information, prevention, and concrete action, especially from politics. 71 percent wish for a government information campaign on how to behave during hybrid attacks. 62 percent want hybrid attackers to be publicly named, and 50 percent advocate for a situational overview of hybrid attacks. 604 companies with ten or more employees in Germany were surveyed; according to Bitkom, the study is representative.

The discussion about the security of German infrastructure has regained urgency due to the power outage in Berlin in early January. According to Stromnetz Berlin, 45,400 households and 2200 commercial businesses were affected and had to go without electricity for days. A left-wing terrorist-motivated arson attack is presumably behind it. At the end of January, the Bundestag passed the KRITIS Dachgesetz, which imposes stricter requirements on companies and parts of the administration for the protection of central institutions and facilities.

(axk)