Germany’s Association for Information Technology, Telecommunications, and New Media (Bitkom) released a report on Thursday (September 18), revealing that German companies suffered a record high total loss of 289.2 billion euros in the past year due to data theft, industrial espionage, and sabotage. Network attacks alone accounted for 202.4 billion euros, constituting 70% of the total loss.
According to the survey, China and Russia were identified as the main sources of attacks on enterprises. 46% of the affected companies reported attacks originating from China, while another 46% had experienced at least one attack from Russia. Compared to the previous year, attacks from both China and Russia had increased.
Following closely behind were Eastern European countries outside the EU (31%), the United States (24%), EU member states (22%), and Germany itself (21%).
Sinan Selen, Deputy Director of the German Federal Office for the Protection of the Constitution (BfV), stated that attacks from China primarily focus on “economic espionage,” aiming to gain technological advantages, while Russia tends to employ strategies involving “destruction” and “disinformation.”
Bitkom’s Chairman, Ralf Wintergerst, warned that hybrid warfare and state-sponsored cyber-attacks have become daily threats, with the question no longer being if companies will be attacked, but when and how effectively they can defend themselves.
Selen noted that “foreign intelligence agencies are attacking Germany’s economy with increasing frequency,” and these attacks are becoming “more professional, aggressive, and versatile.”
He pointed out that 28% of the affected companies confirmed that the attackers were state actors, a significant increase from 20% last year and far higher than the 7% in 2023. The line between state and non-state actors is becoming increasingly blurred, with some countries tacitly allowing or even utilizing the actions of criminal organizations.
Attacks targeting various sectors including economic, political, scientific, and social are on the rise, prompting Germany to enhance cooperation between domestic and international security agencies, prioritizing economic protection in intelligence efforts.
Ransomware has become a major threat to enterprises, with 34% of German companies experiencing such attacks in the past year, and approximately 15% admitting to paying ransoms, in some cases exceeding millions of euros. Bitkom cautioned that yielding to ransom demands only fuels cybercrime and could lead to repeated attacks on the same company.
Additionally, artificial intelligence (AI) is widely utilized in cyber-attacks, including deepfakes and robocall scams. Around two-thirds of companies believe that AI technology enhances the precision and deception of attacks.
Despite the allocation of 18% of enterprise IT budgets to IT security, doubling from 9% in 2022, over half of the companies have yet to meet the recommended 20% standard suggested by the Federal Office for Information Security (BSI) and Bitkom.
The survey revealed that more than two-thirds of companies believe they overly rely on American cybersecurity solutions and hope for increased government support for domestic suppliers.
Wintergerst concluded that cybersecurity must be at the core of digital transformation, emphasizing that a single successful cyber-attack could cripple a company, and only comprehensive protection can maintain economic competitiveness and resilience.
Founded in 1999, Bitkom, headquartered in Berlin, is Germany’s largest association for the digital economy industry. Its annual “Corporate Security Survey,” conducted by an independent organization covering approximately 1,000 companies, focuses on the impact of cyber-attacks, data theft, and industrial espionage on the economy, serving as a crucial basis for evaluating Germany’s digital security.