As the current KfW SME panel shows: Cybercrime particularly affects the pioneers of digitization. Three out of ten medium-sized companies fell victim to cyber attacks in the years 2018 to 2020. However, the protective measures are insufficient in view of the large attack surface for cyber attacks.
Around 29% of all medium-sized companies in Germany fell victim to cybercrime in the years 2018-2020. The concern increases with the breadth and intensity of digitization activities and the size of medium-sized companies. The main reason for this is a combination of a larger attack surface for these companies and insufficient protective measures. This shows a special evaluation of the latest representative KfW SME panel.
The KfW SME panel shows the problem
The strong correlation between company size and exposure to cybercrime is shown by the fact that 28% of smaller companies with fewer than five employees have fallen victim to cybercriminals, compared to 49% of companies with 100 or more employees. An important reason for this is that cybercriminals mainly focus on higher-revenue companies. The analysis also makes it clear that larger medium-sized companies are more often among the digital pioneers and thus offer a larger target for potential cyber attacks.
The impact of cyber attacks increases both with the thematic breadth and with the intensity of digitization activities. Overall, 45% of companies with four or more different project types and 43% of companies with digitization expenditures of at least EUR 10.000 were affected by cybercrime. Among the companies with a digitization strategy, which is considered an indicator of particularly ambitious digitization activities, an above-average number of companies were also victims of cyber attacks at 37%.
More digitization – more cyber attacks
On the other hand, there are hardly any differences between individual economic sectors. In the period under review, between 28% and 30% of companies in all sectors of the economy were affected by cybercrime. Only companies in the research and development-intensive manufacturing sector were affected more frequently by attacks, at 35%.
The main threat in cyberspace comes from extortion for ransom or hush money. Targeted overloading of websites is also a widespread attack method. Small and medium-sized companies in particular fail to appreciate the need for protective measures to ward off such threats. They often lack staff with technical expertise in the field of IT security. As a result, necessary investments in IT security are not made. Medium-sized companies, which are aware of the threat situation, often have great difficulties in recruiting suitable personnel or identifying suitable external IT service providers in view of the shortage of skilled IT experts.
Directly to the PDF at KfW.de
About KfW
KfW is one of the leading promotional banks in the world. Since 1948, she has been working on behalf of the federal and state governments to improve economic, social and ecological living conditions worldwide.