Cybersecurity in Germany
Elif Bas | 5 February 2024
Summary
Germany faces an elevated risk of cyber attacks due to the vulnerability of small and medium-sized enterprises with annual economic damage estimated at almost EUR 203 billion (USD 220 billion)
Shortage of IT professionals and volume of vulnerable enterprises hinders the efficient implementation of cybersecurity measures
As the largest economy in the EU, the increase in threats poses risks domestically and internationally
The German Federal Office for Information Security (BSI) released its report on IT and cybersecurity revealing that the threat in cyberspace is at an all-time high. The main threat continues to be ransomware, with identity theft becoming more frequent. Government institutions are increasingly targeted by Advanced Persistent Threats, which involve cyber espionage or sabotage carried out over an extended period to gather information or exert manipulation. Germany's vulnerability stems from the insufficient cybersecurity measures in small and medium-sized enterprises (SMEs), which make up around 80% of Germany’s economy. Another focal point is the trend of supply chain attacks, where malicious programs such as viruses are spread through third-party vendors, allowing multiple victims to be attacked simultaneously. Cyber-attacks cause EUR 202.7 billion EUR (USD 219.8 billion) in damage per year to German companies through data theft, sabotage and industrial espionage. Nevertheless, BSI predicts the IT sector to continue its growth. Berlin is aware of the deficit, however, due to qualification shortages and high salary demands of IT professionals SMEs often do not recruit adequately and sufficiently.
Forecast
Short-term: Germany is likely to increase its investment in cybersecurity as it will experience a continued surge in attacks on SMEs and consequent economic loss
Medium-term: Disadvantage to European and international peers poses threats to domestic, regional and international security as well as damage to economies
Long-term: Implementation of EU Network and Information Security Policy (NIS2) is expected to increase penetration of heightened measures, thus the current demand for IT professionals creates opportunities for investments and economic growth