223 billion euros in damage caused by cyber attacks – why the number of unreported cases is much higher
SECURITY INSIGHTS | 24 August 2021
In Germany alone, cyber attacks on the economy cause damage totaling 223 billion euros per year. This was calculated by the IT industry association Bitkom in its latest study. However, the real damage is far greater and affects us all, especially when critical infrastructure is attacked.
According to the Bitkom 2020/2021 survey, nearly nine out of ten companies in Germany (88 percent) have been affected by digital attacks. “A look at our data shows that ten out of ten companies are actually affected by cyber attacks, but one out of ten doesn’t know it,” says Paul Kaffsack, CEO of Myra Security.
According to Bitkom, these attacks are increasingly being carried out by “hobby attackers” (40 percent) and criminal gangs (29 percent). This is in line with the findings of the Myra Security Operations Center (SOC). Another alarming trend that the Myra SOC has been observing for some time is confirmed by the Bitkom survey: The number of attacks on critical infrastructure is increasing sharply, with 87 percent of the companies surveyed from this sector recording more attacks in the past twelve months. Besides malware, DDoS attacks are the most frequent cause of damage.
Myra Security is able to quantify this trend. Mitigation data from the SOC shows an increase of more than 100 percent in DDoS attacks on the Network and Transport layers (layers 3 and 4) over the previous year. On the Application layer (layer 7), the number of attacks actually increased by more than 300 percent over the same period.
Companies in the critical infrastructure sector are under daily and targeted attack. According to the Bitkom survey, 87 percent of critical infrastructure operators expect a further increase in attacks. The damage is borne by society as a whole, meaning all of us. The cyber disaster in Anhalt-Bitterfeld in July 2021 showed how quickly it can hit any of us. Due to a cyber attack, the administration there was no /en/clonger able to pay out social benefits. Incidents like the one in Anhalt-Bitterfeld could recur at any time and assume much greater proportions.
In addition to the quantity, the complexity of attacks is also constantly increasing. The Myra SOC is recording an increasing number of multi-vector attacks with several types of attack and on different network layers. At the same time, criminals are increasingly using reflection attacks to multiply the impact of their attacks with minimal resources.
It is also striking that DDoS attacks are increasingly accompanied by digital extortion. The extortionists are targeting larger and more solvent companies in particular, but also providers of essential services critical to public infrastructure. In July, for example, an attack campaign under the name “Fancy Lazarus” raged in the DACH region. As a result, the majority of companies from the telecommunications, healthcare, and finance sectors turned to Myra Security – that is, critical infrastructure that is vital to our society.
According to the Bitkom study “Economic Protection 2021”, the annual damage caused by the failure, theft, or damage to information and production systems or operating processes alone amounts to an estimated 61.9 billion euros. Added to this are, among other things, 12.3 billion euros in reputational damage and 13.3 billion euros in costs for investigations and mitigation measures.
But the actual damage is far greater. If critical infrastructure is paralyzed so that people no longer receive basic security, as in Anhalt-Bitterfeld, every one of us is potentially affected. If, as in the case of the University Hospital in Düsseldorf in the fall of 2020, medical care is restricted, life and limb are also at risk in an emergency. That is why the consistent protection of critical infrastructure is crucial for our society and the well-being of all of us.
85 percent of the companies surveyed by Bitkom Research are calling for policymakers to do more to protect companies from cyber attacks. Ultimately, however, everyone is responsible for their own security, especially since the dangerous situation is escalating faster than policymakers are able to act. Every company, every local authority, and every individual must therefore take action to protect themselves in the best way possible. After all, we all have an airbag in our car and a lock on our door. What is common practice in the real world should also be normal in the digital world.
Learn more about Myra’s custom solutions for the critical infrastructure sector