German companies hit by $282 billion data theft, espionage surge
According to a report presented by BITKOM and the Federal Office for the Protection of the Constitution, over the past twelve months, 81 percent of German companies were affected by data and IT equipment theft, digital and analog industrial espionage, or sabotage.
2:21 PM EDT, August 29, 2024
The latest data illustrating the scale of this phenomenon was published in the report "Wirtschaftsschutz 2024" prepared by BITKOM, the German Association for Information Technology, Telecommunications, and New Media.
According to BITKOM President Dr. Ralf Wintergerst, "the threat situation for the German economy is escalating. Companies must continue to increase protective measures. This applies to both digital attacks and traditional ones, such as eavesdropping on meetings or physical document theft."
Sinan Selen, Vice President of the Federal Office for the Protection of the Constitution (civil counterintelligence), assessed that "the attack vectors on the German economy have changed, and the intersection between cyber espionage and cybercrime has increased." In his view, "since adversaries are acting holistically, commercial enterprises and security agencies must also act holistically."
The losses incurred by German companies over the past twelve months due to espionage, sabotage, and theft were estimated at $282 billion. By comparison, last year's losses amounted to $217 billion, and in 2022, they were $213 billion. Most attacks on German companies were carried out from China (45 percent), with the Russian Federation ranking second in this category (39 percent).
Felix Kuhlenkamp, BITKOM's security policy specialist, emphasized in response to a query from the FakeHunter service that the study did not ask about a direct causal link between the attacks and the war in Ukraine because "companies were not necessarily able to establish such a connection." However, citing last year's report by the association, Kuhlenkamp recalled that since the beginning of the war, Russia and China have increasingly become bases for attacks on the German economy. In 2023, 46 percent of affected companies were able to trace the attacks back to Russia, which was half that in 2021.
The expert emphasized that "although Russia was mentioned somewhat less frequently this year, the level of attacks remains significantly higher than in 2021. At the same time, classic 'analog' industrial espionage involving Russia has probably become more difficult due to its currently highly isolated economy."
These types of data are stolen the most often
The most sought-after theft targets are communication data such as email correspondence (63 percent), customer data (62 percent), access data and passwords (35 percent), intellectual property including patents and research results (26 percent), financial data (19 percent), and co-worker data (16 percent).
As the most frequent examples of attacks that "occurred" and "probably occurred," 74 percent of surveyed companies indicated digital data theft, 70 percent digital sabotage of IT or production systems, and 60 percent interception of internal communications. 70 percent of attacks are the result of organized crime activities, with 20 percent originating from foreign agencies.
Analyzing the specific costs incurred due to attacks separately, companies reported that they paid the most for theft and downtime or damage to IT and production systems ($57.6 billion), while image damage and negative press resulted in $21.4 billion in losses.
Artificial intelligence facilitates cyberattacks
The report's authors also asked companies about their stance on artificial intelligence and potential concerns related to the use of AI. According to Felix Kuhlenkamp, "sure, there are spectacular isolated cases of deepfakes, but they currently do not play a significant role in terms of damage in all cases." The expert notes that the situation may change, because "83 percent of companies believe that artificial intelligence exacerbates the threat situation for the German economy, and 70 percent believe that AI facilitates cyberattacks."
On the other hand, artificial intelligence can also enhance cybersecurity," added the expert. According to the report, 61 percent of companies believe that artificial intelligence can significantly improve IT security. Artificial intelligence can, for example, quickly recognize phishing messages or expose deep fakes.
For the study, a telephone survey was conducted among 1,003 companies employing at least 10 employees and achieving an annual turnover in Germany of at least $1.1 million. The survey was conducted between week 16 and week 24 of 2024 and is representative.