German manufacturers are lucrative targets for cyberattacks

Manufacturers in Germany have been hit hard by cyberattacks, incurring damages of about EUR 43.4 billion (about US$50 billion) in the past two years.

More than two-thirds of industrial companies in the country reported that they have fallen victim to sabotage, data theft, or espionage.

The results were published by Germany’s IT sector association Bitkom. Small and medium-sized enterprises (SME) are particularly at risk of being attacked.

“With its world market leaders, German industry is particularly interesting for criminals,” said Bitkom President Achim Berg in a statement. “Those who do not invest in IT security are negligent and endanger their business.”

According to the study, a third of companies have reported that IT or mobile devices have been stolen, with about a quarter of them saying sensitive digital data was leaked.

Thefts are not limited to digital either. One in five has stated that sensitive physical documents, documents, samples, or machines have been stolen.

Germans are one of the world’s leading, most cutting-edge manufacturers. The country’s security officials have long warned about the risks of foreign spy agencies engaging in industrial espionage via cyberattacks.

“Illegal knowledge and technology transfer, social engineering, and economic sabotage are not rare individual cases, but a mass phenomenon,” said Thomas Haldenwang, Vice President of the Federal Office for the Protection of the Constitution (BfV).

Besides theft, companies also noted evidence of their production systems or operations being sabotaged digitally. Additionally, about one in 10 companies found that their communications channels (including email and messaging services) had been tapped.

Berg explained that a lot of companies lack the know-how required to secure their intellectual property.

The report also alluded that perpetrators were often people that worked for, or had dealings with the companies that were attacked. This includes customers, suppliers, external service providers, or competitors.

Interestingly, employees are also a company’s asset when it comes to spotting security breaches. Six out of 10 manufacturers were notified of a security incident by employees.

“The most effective protection against espionage, theft, and sabotage is motivated, well-trained, and attentive staff,” said Berg.

On a related note, only 40 percent of respondents said they were notified of an attack by security systems, with a quarter of them coming across security breaches by pure coincidence.

Amongst cyber threats, zero-day exploits (newly discovered and notified security vulnerabilities in software) were cited as the largest threat for manufacturers.

However, a shortage of skilled IT security personnel and a high employee turnover is increasing attack risk and adding to the manufacturers’ woes.