German firms face soaring losses from espionage and cyberattacks

According to a report presented by BITKOM and the Federal Office for the Protection of the Constitution, over the past twelve months, 81 percent of German companies were affected by data and IT equipment theft, digital and analog industrial espionage, or sabotage.

The latest data illustrating the scale of this phenomenon was published in the report "Wirtschaftsschutz 2024" prepared by Bitkom, the German Association for Information Technology, Telecommunications, and New Media.

According to Bitkom President Dr. Ralf Wintergerst, "the threat situation for the German economy is escalating. Companies must continue to increase protective measures. This applies to both digital attacks and traditional ones, such as eavesdropping on meetings or physical document theft."

Sinan Selen, Vice President of the Federal Office for the Protection of the Constitution (civil counterintelligence), assessed that "the attack vectors on the German economy have changed, and the intersection between cyber espionage and cybercrime has increased." In his view, "since adversaries are acting holistically, commercial enterprises and security agencies must also act holistically."

The losses incurred by German companies over the past twelve months due to espionage, sabotage, and theft were estimated at £231 billion. By comparison, last year these losses amounted to £178 billion, and in 2022, they were £174 billion. Most attacks on German companies were carried out from China (45 percent), with the Russian Federation ranking second in this category (39 percent).

Felix Kuhlenkamp, BITKOM's security policy specialist, emphasised in response to a query from the FakeHunter service that the study did not ask about a direct causal link between the attacks and the war in Ukraine because "companies were not necessarily able to establish such a connection." However, citing last year's report by the association, Kuhlenkamp recalled that since the beginning of the war, Russia and China have increasingly become bases for attacks on the German economy. In 2023, 46 percent of affected companies could trace the attacks back to Russia, which was half that in 2021.

The expert emphasised that "although Russia was mentioned somewhat less frequently this year, the level of attacks remains significantly higher than in 2021. At the same time, classic 'analog' industrial espionage involving Russia has probably become more difficult due to its currently highly isolated economy."

The most sought-after theft targets are communication data such as email correspondence (63 percent), customer data (62 percent), access data and passwords (35 percent), intellectual property including patents and research results (26 percent), financial data (19 percent), and co-worker data (16 percent).

As the most frequent examples of attacks that "occurred" and "probably occurred," 74 percent of surveyed companies indicated digital data theft, 70 percent digital sabotage of IT or production systems, and 60 percent interception of internal communications. 70 percent of attacks are the result of organised crime activities, with 20 percent originating from foreign agencies.

Analysing the specific costs incurred due to attacks separately, companies reported that they paid the most for theft and downtime or damage to IT and production systems (£47 billion). In comparison, image damage and negative press resulted in £17 billion in losses.

The report's authors also asked companies about their stance on artificial intelligence and potential concerns related to the use of AI. Felix Kuhlenkamp states, "Sure, there are spectacular isolated cases of deepfakes, but they currently do not play a significant role in damage in all cases." The expert notes that the situation may change because "83 per cent of companies believe that artificial intelligence exacerbates the threat situation for the German economy, and 70 per cent believe that AI facilitates cyberattacks."

- On the other hand, artificial intelligence can also be used to enhance cybersecurity – added the expert. According to the report, 61 percent of companies believe that the use of artificial intelligence can significantly improve IT security. Artificial intelligence can, for example, be used to quickly recognise phishing messages or to expose deepfakes.

For the study, a telephone survey was conducted among 1,003 companies employing at least 10 employees and achieving an annual turnover in Germany of at least £904,000. The survey was conducted between week 16 and week 24 of 2024 and is representative.