More than half of companies in Germany hit by spying, sabotage or data theft in past two years

More than half the companies in Germany have been victims of sabotage, industrial espionage or data theft in the past two years, German IT industry association Bitkom said on Friday (21 July). About 53% of companies in Germany have been hit with such attacks, up from 51% in a 2015 study, costing an estimated €55bn (£49.35bn, $64.13bn) worth of damage per year.

German firms also lost millions of euros to organised crime in a scam dubbed "CEO Fraud".

According to the survey of 1,069 managers and people responsible for the industry, the damage caused by these attacks also rose by about 8% — up from €51bn a year in 2015.

"Companies need to do much more for their digital security", Bitkom President Achim Berg said in Berlin on Friday. "The study shows that the risk to companies of all industries and any size is real. Anyone can be the victim of espionage, sabotage, or data theft."

Arne Schoenbohm, president of Germany's BSI federal cyber agency, said the high number of companies affected "clearly shows that we still have work to do on cyber security in Germany".

In an interview with Reuters, Schoenbohm said hardware and software makers need to step up to bolster cybersecurity and address vulnerability much more quickly once they are identified.

"There's still a lot of work to be done," he said. "We have to be careful that we don't focus solely on industry and computer users, but also look at the producers and quality management."

About 62% of companies affected found that the perpetrators behind espionage, sabotage or data theft were current or former employees of the company while 41% blamed competitors, suppliers or service providers for these attacks. Around 21% said hobby hackers were responsible for such attacks while 7% blamed organised crime.

Foreign intelligence agencies were identified as the perpetrators in 3% of the cases, Bitkom said.

According to the report, 36% of firms reported that financial data was stolen by threat actors while 41% said communication data such as emails were swiped by attackers. In 17% of cases, sensitive digital data was stolen while 11% said the perpetrators made away with patents and R&D data. Another 10% said employee data was stolen in such attacks.

Over the past few months, several major global cyberattacks affected German companies including the WannaCry ransomware attack in May and the NotPetya attacks in late June that brought production to a halt in some Germany companies for over a week.