MUNICH (dpa-AFX) - In view of the continuing wave of cybercrime and often powerless prosecution, the German economy is increasingly turning to preventive self-protection. According to the digital industry association Bitkom, cyber attacks are currently one of the biggest threats to the German economy and society. "There is currently no sign of the threat situation easing," says association president Ralf Wintergerst. Not only politicians, but also the companies themselves are challenged. "This means that IT security must be placed at the top of the agenda in companies and provided with the necessary resources."

According to Bitkom estimates, the theft of IT equipment and data, digital and analog industrial espionage and sabotage caused damage totaling 206 billion euros last year. Almost three quarters of this sum - around 148 billion - was due to cyber attacks. "Almost two thirds of companies in Germany recently stated that they expect to fall victim to cyber attacks in the next twelve months," says Wintergerst, whose main job is CEO of Munich-based security technology and banknote manufacturer Giesecke + Devrient.

The actual damage could be even greater. "There is also a multiple dark field," says Martin Kreuzer, cyber expert at reinsurer Munich Re. "Not only perpetrators want to remain anonymous, but also many victims. That makes prosecution difficult."

Hardly any clarification for foreign perpetrators

Investigations often come to nothing because many perpetrators attack from abroad. According to the "Bundeslagebild Cybercrime" published by the BKA in summer 2023, the clearance rate for foreign crimes is in the low single-digit range.

Both Wintergerst and Jorg Asmussen, Managing Director of the German Insurance Association (GDV), are therefore calling for better international cooperation between law enforcement agencies. However, the problem will not be solved by law enforcement alone, says Asmussen. "Instead, we need to tackle cybercrime in several areas: Politicians must create the framework conditions for more cyber security, for example with threat analyses, specific warnings and clear naming of the perpetrators."

Large-scale attacks on private individuals and companies must be quickly identified and made known, ideally combined with information on how to defend against the attack. "The economy also urgently needs to improve its level of protection," says Asmussen. German SMEs in particular are lulled into a false sense of security with regard to their cyber risks."

New authority planned

Politicians and law enforcement authorities are by no means inactive. The federal government is currently setting up the Federal Office for Combating Financial Crime, which is due to start work in 2025. The new investigative authority is not specifically intended to combat cybercrime, but money laundering - the smuggling of criminal profits into the legal money cycle - naturally also plays a major role in cyber gangs.

And an example from Bavaria: the state government has increased the number of staff at the Central Cybercrime Unit of the Bamberg Public Prosecutor General's Office in recent years, and the number of investigations has risen steadily: 14,198 in 2019 and over 18,400 last year. However, these are not just cyberattacks; the figures also include the online distribution of child pornography and online investment fraud, for example.

"The interaction between risk carriers, the judiciary and intermediaries such as insurance companies can make a difference," says Munich Re cyber expert Kreuzer. "Many companies are investing more in prevention. Something is already happening, and there are definitely international law enforcement operations that are successful."

Many attacks from organized crime

Nevertheless, investigators are often powerless. According to the Bitkom Economic Protection Report 2023, the electronic traces often led to Russia or China. "In other words, countries that have little or no cooperation with German or European security authorities," says Bitkom President Wintergerst. "The boundaries between organized crime and state-controlled actors are often blurred." The proportion of attacks that can be attributed to organized crime is rising continuously. In 2023, 61% of companies attacked by hackers reported that the attacks came from organized crime.

"The entry threshold for the perpetrators is very low; simple cyber attacks don't require much more than a computer, electricity and internet access," says Munich Re cyber expert Kreuzer. Programming skills are therefore hardly required, if at all: "You can find instructions and tools on the Internet for little money." Cybercrime is a hydra: "As soon as you cut off one head, another grows back."

Bitkom urges investment in cyber security

Conclusion: "Prevention is the best way to combat cybercrime," says Matthias Baumhof, Manager at IT security service provider Lexis Nexis Risk Solutions. "Preventing cybercrime would make the work of law enforcement agencies, which are already overwhelmed by the scale of cybercrime due to limited resources, much easier."

For companies, prevention means training staff and, above all, upgrading technology. Baumhof is Head of Technology for "Threat Metrix", a platform for identity verification. "Modern analysis processes and machine learning help to predict and prevent fraud."

The industry association Bitkom recommends that companies allocate no less than 20 percent of their total IT expenditure to IT security. "And finally, every company needs an emergency plan for cyber attacks," says Wintergerst. "It must clearly regulate who does what in an emergency. If you only think about this after a successful attack, it's too late."/cho/DP/men