Bitkom’s research found that around 9 out of 10 companies (88 percent) had been hit by cyberattacks in 2020/2021.
The German economy suffered damage totaling 223 billion euros as a result of theft, sabotage, and espionage made possible by criminal cyberattacks – that’s more than double the figure for 2018/2019.
Digitalization efforts accelerated by the pandemic were arguably the main factor responsible for this increase. Many people started working from home for the first time, and companies had to facilitate and get to grips with a decentralized working model from one day to the next. To ensure that sensitive data is handled securely in a working-from-home environment, it takes more than just installing virus scanners on employees’ devices. Companies that simply see cybersecurity as an add-on or a task for the IT department are out of sync with current developments. Cybersecurity at companies of all sizes should be implemented as a holistic strategy, otherwise unpleasant surprises or even an existential crisis may be waiting for them around the corner.
Companies wide open to cybercrime
In Germany, SMEs are frequently targeted by cybercriminals – mainly because they often don’t give IT security the attention it requires. Cybercriminals also have a wide range of options at their disposal for exploiting a company’s vulnerabilities. The most common types of attack include:
- Social engineering, phishing, and similar methods: Untrained employees are a vulnerable weak link. Criminals play on human error to obtain confidential information or circumvent security features.
- Distributed denial of service (DDoS): The aim of such attacks is to block a service, for example by making the server unavailable. They are often used for extortion, to cause damage to a competitor, or as a political protest.
- Ransomware: Malware limits or completely blocks access to data or systems. Such attacks usually demand a ransom.
From reputational damage to an existential threat: companies without adequate cybersecurity are at risk of getting caught up in such situations at any moment. The growing prioritization of IT security in politics is making companies also open their eyes to the need to invest in cybersecurity.
An increase in IT security spending
The ever-greater threat from cyberattacks was reflected by an increase in spending on software, hardware, and services in the IT sector during the pandemic. According to Bitkom, approximately 6.2 billion euros was already invested in cybersecurity in 2021 in Germany. The industry association predicts a considerable increase and 6.8 billion euros of revenue for 2022.
However, it’s not just about building a digital security structure. It’s much more about establishing a level of cyber resilience that combines technology and people’s awareness of the dangers. Employees need to be aware that even slight negligence on their part can have serious implications for their company.
Cyber resilience as the cornerstone of digitalization
Companies shouldn’t just focus on cybersecurity, but also on their resistance after a cyberattack. The following aspects are recommended for surviving on the market in the face of cybersecurity challenges:
- Threat protection: This is the basis for averting attacks and includes regular security checks, software and service updates, and employee training.
- Adaptability: Companies should develop an adaptable attitude in order to continuously adjust to new digital challenges. That not only applies to services, but also further training of the team.
- Durability: This protects a company from a larger crisis in the event of an attack. Business processes should be set up so that they can be carried out whatever the circumstances – even without access to the system.
- Recoverability: In the event of a system outage, loss of data, or other consequences resulting from a cyberattack, company processes need to be restored quickly in order to avoid further – usually financial – damage.
Companies must incorporate cybersecurity from the outset
Every step that a company takes in its digitalization journey should be safeguarded by a comprehensive strategy that protects it in the event it is needed.
In 2021, the German government published an extensive cybersecurity strategy, which declares cybersecurity as a national task and identifies action areas as well as future strategies. Only time will tell how successfully the government and the economy can collaborate on this matter.