As processes, workflows and entire production facilities have become more technology-driven, hacker attacks have also increased. The number is currently increasing disproportionately. Every second company is a victim several times over. Nevertheless, cyber-attacks are significantly underestimated by most companies, even though they sometimes cause huge damage.
In the past few months, 41 percent of companies in Germany and, according to “Cyber Security in Austria 2016”, even 49 percent of Austrian companies were affected by a cyber-attack at least once. Most of them become aware of the attack through information from employees. For half of the victims, the resulting financial loss was less than 10,000 euros. For a small percentage of the affected companies, however, the damage can reach up to 500,000 euros or more.
Probability in relation to industry and company size
Using comprehensive data analyses, risk on mind® was able to show that the probability of a cyber-attack depends on the industry in which a company operates and on the size of the company: the larger the company, the greater the risk. In the past twelve months, 39.4 percent of German companies with 10–49 employees and 47.3 percent of German companies with 250–499 employees were victims of a hacker attack.
risk on mind® can also identify differences between the economic sectors: in the last twelve months, the “other economic services” sector (48.4 percent) was the most frequently attacked, while “agriculture, forestry, fishing”, with 23.6 percent, was the sector with the lowest number of attacks.
Phishing is statistically the most common cyber-attack
The attempt to obtain personal or internal company data with fake e-mail messages and to make a profit from it is known as “phishing”. For years, every second hacker attack has started this way, and currently three quarters of all cyber-attacks in Austria belong to the “phishing” category. There were 760 attacks per 100 German companies in the last twelve months. That is an average of 7.6 attacks per company.
Also underestimated are the smuggling-in of “spy software” that spies on data unnoticed and of malicious software that irreversibly encrypts important and urgent company data: an attempt at blackmail that is often very expensive. So are so-called “CEO frauds”, in which hackers pose as the boss and thus elicit data from employees.
Aware of the danger, but not sufficiently protected
Over 80 percent of German industrial companies of all sizes and sectors have the risk of cyber-attacks in mind: they rely on technical standards such as minimum password requirements, assign access and user rights individually and depending on the task, regularly carry out backups and keep them physically separated. They use anti-virus software and a firewall and regularly install security updates. Unfortunately, this is not enough, as the increasing number of attacks on company data shows.
The evaluations by risk on mind® showed that more complex passwords can reduce the probability of an attack by ten percent. The major gap currently lies in organizational security measures. Unfortunately, these are still often missing: only two thirds of companies have fixed written guidelines for information and IT security. And only just under a quarter of all businesses have certified IT security. Measures that check guidelines and compliance with them, together with regular training of employees on IT security, show the greatest effect in prevention.
Pharmaceutical companies leading in technical IT security measures
Pharmaceutical companies are a particularly good example of implementing protection measures against hacker attacks on a technical level. The other side of the coin: the organizational protective measures still offer a lot of potential for significantly reducing the risk. Two examples: 85 percent of German pharmaceutical companies do not use certified IT security. 75 percent said that they are lagging in the training of employees.
Cyber-attacks against companies in Germany. Results of a representative company survey 2018/2019. Ed. by German Federal Ministry for Economic Affairs and Energy. 2020.
Cyber security in Austria. Ed. by KPMG Security Services GmbH. 05/2020.
Statistical data analysis by risk on mind®