61 percent of companies in Germany assess their risk of being attacked by computer criminals as “high” or “very high”. Particularly alarming: almost all companies are finding it increasingly difficult to even recognise the first signs of a cyberattack (84 percent). And more than half assume that the risk of a cyberattack will increase in the next two years. These are the core results of a KPMG survey of 1,000 companies, selected on a representative basis by industry and turnover, on their experiences with computer crime.
KPMG partner Michael Sauermann: “Computer crime is eating through the German corporate landscape like a canker. Mail servers in particular are an attractive target. Phishing emails, business email compromise or ransomware attacks are the order of the day practically everywhere. At the same time, the attacks are becoming more and more diverse, more pervasive, correspondingly more explosive and more expensive for the companies. The increasing complexity of the technologies used is a major challenge for more than three quarters of the respondents.”
Carelessness and inadequately trained employees (95 and 81 percent respectively) are among the most frequently cited factors that encourage computer crime. In addition, the companies see a lack of security culture or a lack of risk understanding among their employees (86 percent) as significant risk factors.
"Adequate training as well as awareness-raising of employees is of central importance to prevent computer crime in one's own company. It would be ideal if people could develop an awareness similar to a 'human firewall'."
Michael Sauermann, KPMG AG Auditing Company
Mail servers targeted – fraud offences are most common
39 percent of the companies surveyed said they had been affected by computer crime since 2019. By far the most frequent target of the perpetrators is the companies’ mail servers (67 percent). Among the crimes, fraud offences in particular have recorded a conspicuous increase: they already account for half of all cases, followed by extortion and data theft with around 25 percent each. Almost a quarter of the respondents have already been exposed to a successful ransomware attack, and another 31 percent were able to fend off such attempts. In 40 percent of the companies affected by a ransomware attack, there was a business interruption with serious consequences, which represents a significant increase compared to the previous study in 2019 (27 percent). At every second company, more than 75 percent of the IT landscape was affected by the outage.
"For almost half of these businesses, it took at least two days afterwards before they could resume operations. In practice, we see cases where businesses lie idle for weeks or even months."
Michael Sauermann, KPMG AG Auditing Company
What is particularly annoying is that identifying the perpetrators still causes great difficulties. The vast majority must be assigned to the category ‘unknown externals’.
Corona pandemic forces companies to upgrade
Just under half of the companies surveyed (45 percent) said they had taken measures to increase IT security in view of the COVID-19 pandemic. Particular attention was paid to setting up secure communication channels for accessing the company network (91 percent) and defining and communicating clear rules and regulations for working from home (90 percent).
Text: KPMG
Translation by the editors