Sabotage, data theft and espionage have caused the German industry a loss of €43.4 billion in the past two years. Seven out of ten industrial companies (68%) were victims of such attacks during this period; one in five companies (19%) suspected this.
These numbers are based on a study by the digital association Bitkom, in which 503 managing directors and security managers from all branches of the industry were interviewed.
“With its world market leaders, the German industry is particularly interesting for criminals,” says Bitkom President Achim Berg. “Anyone who does not invest in IT security is behaving negligently and is endangering his company.” In the past two years, a third of the companies (32%) had IT or telecommunications equipment stolen, while almost a quarter (23%) lost sensitive digital data.
“Illegal knowledge and technology transfer, social engineering and economic sabotage are not rare individual cases but a mass phenomenon,” Thomas Haldenwang, Vice President of the Federal Office for the Protection of the Constitution (BfV), notes. And it is not only theft that causes problems for the industry: Every fifth industrial enterprise (19%) reported digital sabotage of company information and production systems or operational processes. In 11% of the cases, digital communication was spied out on digital communication such as emails or messenger services. Overall, digital IT attacks caused damage for almost half the respondents (47%). Classic analogue attacks are also an issue for the industry but are comparatively less significant. 21% of the respondents found that sensitive physical documents, documents, samples or machines had been stolen. In 10% of the cases, analogue sabotage of company information and production systems or operational processes occurred, for e.g., through the manipulation of devices on-site.
Haldenwang adds: “In addition to classic industrial espionage, we are increasingly concerned about attacks on the assumption that malware is introduced into IT systems with the aim of preparing to sabotage files.”
According to Bitkom, it is often the employees (61%) who ensure that criminal activities in affected companies are finally uncovered. Some 40% of those affected received indications of attacks by their own security systems, whereas almost a quarter (23%) was alerted purely by chance.