Bitkom study: Quite interesting figures
Attention data theft: Hackers target communication data
In most cyber-attacks on companies, the critical communication data that leaks consists of emails, customer data and financial data. According to a recent Bitkom study from September 2018, almost half of all industrial companies (48 %) have suffered damage from cyber-attacks in the last two years, and most cases involve the theft of communication data. Every fifth company has lost customer or financial data (21 % and 20 % respectively) as a result of cyber-attacks. Patents and research and development findings, on the other hand, fell into criminal hands in only one in ten companies.
For this survey, the digital association Bitkom interviewed 503 managing directors and security officers from all industries and sectors. The published figures are quite interesting. The most striking finding: on average, 70 % of the small and medium-sized companies had to admit that they had become victims, or had probably become victims, of criminal attacks in the past two years. The group of companies with 100 to 499 employees fared really badly: 73 % of these companies were affected by data theft, sabotage or espionage. Companies with more than 500 employees are best off, but only in comparison with the rest of the respondents, as “only” 60 % of these companies fell victim to cyber-attacks.
Damage caused by illegal knowledge transfer, industrial espionage and social engineering
The Bitkom study shows that those who do not invest in their corporate IT security are grossly negligent. Bitkom wanted to go into more detail, however, so the survey also investigated which types of criminal attacks had caused damage to companies. The findings show that illegal knowledge transfer, industrial espionage and social engineering are widespread and currently occur very often: almost a third of the companies (32 %) had their IT or telecommunications equipment stolen, while nearly a quarter (23 %) were victims of theft of sensitive digital data or information. The industrial companies that took part in the survey are also increasingly observing the targeted social manipulation of employees: 24 % of them stated that social engineering was used to persuade their own employees to disclose confidential information. In 11 % of the companies, digital communication such as emails or messenger services was spied on, while another 26 % suspect that their communication has been spied on. Furthermore, every fifth company (19 %) reports that its information and production systems or operations have been digitally sabotaged; 28 % suspect a similar incident.
Analog attacks are an issue in the 21st century
Although most attacks are now digital, classic analog attacks on industrial companies are still an issue: 21 % of the respondents report theft of sensitive physical documents, papers, templates or machines. In the past two years, 10 % of the surveyed companies have experienced analog sabotage of information and production systems or operations. This means that devices have been manipulated on site in the company.
Malware tops the ranking
But let’s come back to the digital world. After all, according to the Bitkom study, cyber-attacks have caused damage to 47 % of respondents. Here again, medium-sized companies were the most affected: at 52 %, they are above the average. In particular, IT systems have been deliberately infected with malware, presumably for the purpose of sabotage. Almost a quarter of the companies (24 %) affected by digital attacks have suffered damage as a result of such a cyber-attack. Next come phishing attacks and the exploitation of software vulnerabilities, which have caused damage to 16 % of the affected companies, ranking second at a considerable distance behind malware infections. The damage caused by man-in-the-middle attacks (4 %), DDoS attacks (5 %) and spoofing (6 %), on the other hand, was comparatively low.
Bitkom study: Offenders usually come from inside the organizations
When searching for the offenders, the companies found them primarily inside their own organizations: almost two-thirds (63 %) of the managing directors and security officers stated that they suspect or even know for sure that former or current employees were behind the sabotage or espionage. At the same time, nearly half of the companies (48 %) have identified customers, suppliers, external service providers and competitors as the perpetrators of harmful acts against their own company. In 30 % of the cases, private individuals or hobby hackers were behind the cyber-attacks, 17 % of the affected respondents reported organized crime, and every ninth company affected (11 %) stated that the offender was a foreign intelligence service.
Above all, attacks damage the company’s image
No matter who the offenders were, the attacks hit companies hard. According to the statistics, German industry has suffered a total loss of 43.4 billion euros over the past two years due to sabotage, data theft or espionage. The Bitkom study shows that cyber-attacks damage the corporate image above all. Damage to the company's image among customers or suppliers, together with negative media coverage, accounts for almost 9 billion euros (8.8 billion euros). Industrial companies estimate the damage caused by patent infringements at a similarly high level, at 8.5 billion euros. The damage caused by the failure, theft or damage of information and production systems or operations comes to 6.7 billion euros, while 5.7 billion euros were incurred for investigation and replacement. Revenue losses due to loss of competitive advantages and counterfeit products account for 4 and 3.7 billion euros, respectively.
Humans are smarter than machines: Attentive staff discovered most of the incidents
A look at the financial losses shows that cyber-attacks are expensive. Companies need to take more care of their IT security. As fate would have it, though, it is precisely the company’s own employees who ensure that criminal acts are detected in most cases. Internal company members have detected 61 % of the criminal activities. Next, at a considerable distance, come attacks discovered by the companies’ own security systems: 40 % of the companies were notified of attacks through their firewalls or virus scanners. Nevertheless, companies should continue to rely on reliable antivirus programs and firewalls in addition to well-trained staff in the future. For example, with iQ.Suite we also offer an efficient business solution for protecting your email communication. Thanks to our spam and virus protection, we guarantee that data is protected when confidential information is sent, in compliance with all legal requirements for email communication and taking into account the necessary technical and organizational measures for preventing the outflow of confidential content via email. We cover all the necessary areas to protect your email communication regardless of the platform.
By the way: In nearly a quarter of the cases (23 %), cyber-attacks were detected by pure coincidence. Only three percent of the affected companies became aware of an attack through notifications by external law enforcement or supervisory authorities.
Great fear of zero-day exploits
Finally, Bitkom also wanted to know which scenarios companies consider a future threat. 97 % of all respondents almost unanimously named so-called zero-day exploits as the greatest threat. A zero-day exploit is the exploitation of unknown vulnerabilities in software. A large part of the companies (93 %) still fear infection with malware in the future.
68 % see the lack of necessary know-how in the form of qualified IT security staff as a threat. In addition, 58 % consider the increasing fluctuation of employees a risk. Concerns about the siphoning off of computing power, such as the unnoticed mining of cryptocurrencies, are rather low: in comparison, only 29 % of the companies consider this a danger.