Germany’s shift towards digitalisation due to the coronavirus pandemic has come with a significant rise in cybercrime, according to a report by the country’s Federal Criminal Police Office (BKA). EURACTIV Germany reports.
Recorded cases of cybercrime jumped by 8% in 2020, according to the BKA’s Situation Report for Cybercrime 2020 published on Monday (10 May). Last year’s increase follows a 15% jump in cases in 2019 over the previous year. The number of solved cases fell by 7.4% over two years to 32.6% in 2020.
The push for digitalisation caused by the pandemic is seen as a driver of the increased cybercrime rate as criminals taking advantage of the massive shift towards remote work.
The report highlights an increasing professionalisation of criminals in the cyber economy with “services” offered on corresponding online marketplaces. Spam services can be purchased for as little as 10 euro cents while banking Trojans can cost around €800.
German companies are among the worst hit. Every fourth to fifth German company with more than 500 employees has fallen victim to a ransomware attack. This involves data being stolen or encrypted until the injured party pays a ransom.
According to a study by the country’s interior ministry, more than half of all German companies said their business would be under threat if sensitive data were lost or transmitted to their competition.
The cybercrime rate may be larger than it initally seems. A study by the economy ministry suggests that only around 12% of all cyberattacks on companies are not reported for fear of loss of reputation.
“Cyberattacks are one of the greatest dangers of this time,” secretary general of the ruling Christian Democrats (CDU), Paul Ziemiak, wrote on Twitter.
“Our country needs a digital security architecture that defends us robustly against cyber attacks. We see it as the core task of the state to ensure security in the digital world as well,” he said.
Germany passes IT security law
Large companies, critical infrastructure and public institutions are particularly at risk, according to the BKA report. The more essential the service is for society, the more lucrative cyberattacks are for criminals.
Insecure IT systems in particular offer a welcome gateway for hackers, as the recent breach of internal email traffic at the US Treasury and Commerce departments known as the SolarWinds hack revealed.
Germany has already started to tackle the issue. Last Friday (7 May), parliament approved a IT Security Act 2.0. The new law extends reporting obligations and standards already applicable to operators of critical infrastructure to companies operating in the public interest.
It also reinforces the mandate of the Federal Office for Information Security (BSI), which in future will be able to set binding standards for federal authorities and monitor their compliance with such standards.
“The BSI is to form a third pillar of our cybersecurity architecture alongside the Federal Criminal Police Office and the Office for the Protection of the Constitution,” said Ziemiak.
The BSI has also been tasked with developing a seal of quality that will make it clear to consumers which products meet certain security standards and which are to be classified as insecure.
“Today is a good day for cybersecurity in Germany,” commented Interior Minister Horst Seehofer following the approval of the law.
“Digitalisation permeates all areas of life, and the pandemic has once again accelerated this process enormously. Our protection mechanisms and defence strategies must keep pace – this is exactly what the IT Security Act 2.0 is designed to do,” he added.
Cybersecurity: a top priority for the EU
The German report came as the European Commission announced on Monday (10 May) an €11 million cash injection to support cybersecurity projects in 18 EU countries.
This is the latest in a series of cybersecurity initiatives in recent years. Back in 2019 European Commission President Ursula von der Leyen said that “cybersecurity is the flip side of digitalisation – therefore just as much a priority for us.”
In June that year the EU adopted a regulation that expanded the mandate of the EU’s cybersecurity agency and set EU-wide standards for IT products and services.
In December 2020 the European Commission presented a new cybersecurity strategy, investing more than €1 billion in the cause and significantly improving cooperation between EU and state institutions.
[Edited by Josie Le Blond]