Germany cyber security and cyber crime statistics

Every country is impacted by cyber crime to some extent, not least Germany. Citizens and organizations operating in Germany feel the wrath of ransomware attacks, malicious hacks, phishing schemes, and more. There is strong awareness of cyber crime in the country and businesses are making efforts to stay ahead of the game, but it’s difficult to sidestep the advancing technologies employed by cyber criminals.

Below, we summarize some of the findings of the latest studies and reports with respect to cyber crime and cyber security in Germany.

1. Over 70% of German companies were the subject of a successful attack within 12 months

The CyberEdge Group 2022 Cyberthreat Defense Report (CDR) reveals information about cyber-attacks across the globe. Responses from IT professionals in Germany suggest that 72.6 percent of organizations in the country dealt with a successful cyber attack in the year prior to the study.

The good news is that this is significantly down on the nearly 92 percent of the previous year. Moreover, Germany’s figure was far better than most. Colombia (93.9 percent) and Turkey (93.7 percent) had the highest percentages. Only Australia fared better than Germany with just 62.5% of organizations compromised by at least one successful attack.

2. Germany saw the first death by ransomware

CyberEdge reported in 2021 that a woman from Düsseldorf was rushed to a hospital 19 miles away in Wuppertal because her local hospital in Düsseldorf was targeted by a ransomware attack. 30 of the hospital’s servers were compromised as part of the attack which prevented new patients from being processed. Sadly, the woman died.

3. German companies spend nearly 11% of their IT budget on security

Allocation Budget Security IT mean
Source: CyberEdge

So how much are companies spending to combat cybercrime? CyberEdge found that German firms spend 10.8 percent of their IT budget on security. This is on the lower end of the scale with the UK (11.3 percent), Japan (11.2 percent), Australia (10.9 percent), and France (10.7 percent) rounding out the bottom five. Brazil topped the list at 15.6 percent followed by Turkey at 15.3 percent.

4. The security budgets of German organizations increased 3% in 2021

German organizations saw the lowest increase in security spending at 3.2 percent. Indeed, the average increase in security budgets over the last five years has been between 4 and 5 percent. CyberEdge found that Brazilian businesses increased security spending the most at 6.7 percent.

5. Over 70% of German companies indicate a preference for machine learning and AI

CyberEdge also sought to find out how companies feel about the place of advancing technologies such as AI and machine learning in security products. 71.6 percent of German organizations have a moderate to strong preference for security products that have these types of features. This is the lowest percentage of all countries listed. France and Canada (73.6 percent) were also less bullish. Saudi Arabia (98 percent), Turkey (96.6 percent), and South Africa (91.8 percent) make up the top three.

6. 67% of organizations are attacked by ransomware each year

The Sophos State of Ransomware Report 2022 hones in on the impact of ransomware attacks on organizations all over the world. It found that 67 percent of German companies were subjected to a ransomware attack in the 12 months before the study (the average was 66 percent). Austria topped the chart with 84 percent of organizations hit with attacks and South Africa was at the bottom with 51 percent of companies having to deal with ransomware.

7. 39% of companies stopped attacks before data was encrypted

Germany did quite well at stopping ransomware in its tracks. Sophos found that well over one third of attacks (39 percent) were stopped before data was encrypted. This put it above the average of 35 percent. India was the country that struggled most, preventing encryption in just 20 percent of cases. At the other end of the scale was Saudi Arabia in which cybcercriminals failed to encrypt the data of organizations in 62 percent of cases.

Sophos encryption rate in ransomware attacks
Source: Sophos

8. 46% of organizations paid the ransom to get their data back

Germany was among the organizations surveyed in Sophos’s report, which found that 46% of all respondents paid the ransom to retrieve their data. This increases the 32% who paid the ransom in 2021. 73% of the organizations used backups to get their data back, while 99% of respondents got at least some of their data back.

9. The average cost of ransomware attacks in Germany was more than $1.73 million

Sophos also took into consideration the cost of remediation for a ransomware attack. In Germany, the average cost was $1.73 million in 2021, a 48 percent increase on 2020 ($1.17 million). This worked out above the global average of $1.40 million. Belgian firms faced the largest costs to remediate ransomware attacks, shelling out an average of $3.71 million.

10. 81% of companies hold cyber security insurance

One more interesting insight from the Sophos report pertained to cyber security insurance. Well over three-quarters of German companies (81 percent) have cyber security included in their policies. While this sounds quite high, it actually puts the country just below average (82 percent) of all countries studied. Half of companies that hold cyber insurance have ransomware included in their insurance policy.

11. 27% of companies pay for standalone cyber insurance

Hiscox Cyber Readiness Report 2022 Germany snapshot
Source: Hiscox

Delving a little further into cyber insurance, the Hiscox Cyber Readiness Report 2022 looked specifically at standalone cyber insurance. This is often more comprehensive than combined coverage so is viewed as a better indicator of a firm’s cyber readiness. 27 percent of German companies have a standalone cyber insurance policy in 2022, a slight decrease on the 28 percent of 2021.

12. Germany dealt with the highest median cost of cyber attacks

An interesting statistic from the Hiscox report was the median cost of a cyber security attack. Out of the eight countries in the study, Germany faced the highest median costs at $24,000. What’s more, it found that firms in Germany spent the most money on security, an average of $5.5 million.

14. 74% of ransomware attacks occurred through phishing emails

We know that phishing is a key vehicle for ransomware attacks, but it may be more prominent than previously thought. Overall, Hiscox found that 65 percent of ransomware attacks occur via phishing emails, but that percentage is quite a bit higher in Germany (74 percent) as well as in the Netherlands (76 percent).

15. Germans received the 5th highest share of malicious mailshots in 2021

A spam and phishing study conducted by Kaspersky revealed the frequency of malicious correspondence in various regions. It uncovered that in 2021, Germany was the fifth most targeted country by malicious emails, having previously been the most popular target for several years until 2020. It received a 4.83 percent share of malicious email campaigns. This year, Spain was the biggest target, receiving 9.32 percent.

Kaspersky Countries and regions targeted by malicious mailings
Source: Kaspersky

16. Germany was the source of over 14% of spam in 2021

Kaspersky also found that Germany was a significant source of spam in 2021 with 14.12 percent of spam originating in the country compared with 10.97 percent in 2020. The only country with a higher portion was Russia, accounting for a whopping 24.77 percent. Closely following Germany was the US (10.46 percent) and then China (8.73 percent).

17. German .de domains no longer scam website hotspots

In 2020, 1.23 percent of scam websites had a .de domain. This put it in fourth place behind .com (24.36 percent), .ru (2.12 percent), and .com.br (1.31 percent). In 2021 however, .de domains didn’t make the list of domains to watch highlighting a decrease in scam websites on these top-level domains.

18. Out of 75 countries studied, Germany ranks 44th for overall cyber security

Which countries are the least cyber-safe in the world?
Source: Comparitech

Comparitech study analyzed a range of cyber security statistics to paint a holistic view of the state of cyber security in 75 countries. Germany fared okay, but featured in the lower half of the sample in 44th place. It received a score of 19.57, where a low score is better. The top-performing country was Denmark with 3.56, while the country that seems to be most lacking in terms of cyber security was Tajikistan with 35.54.

19. Germany has dished out €69 million worth of GDPR fines

2022 data breach report by DLA Piper reveals a plethora of information about fines that have been issued since the GDPR went into effect in 2018. During that period, Germany is the fourth largest issuer of GDPR fines having penalized companies to the tune of €69,329,916. The only countries to have issued a higher amount in fines are Luxembourg (€746,299,400), Ireland (€226,046,500), and Italy (€79,144,728).

20. The fourth-largest GDPR fine to date was issued in Germany

A big contributor to the above figure was the fact that Germany issued the fourth-largest GDPR fine to date. The Hamburg data protection supervisory authority fined global retailer H&M €32,258,708. DLA Piper reveals that the tenth largest fine was also issued in Germany.

21. Germany has had the highest number of data breaches

Another area DLA Piper dove into was the number of personal data breaches each region experienced. It found that Germans have experienced the largest number of personal data breaches since the GDPR came into effect. With 106,731 breaches so far, it’s significantly ahead of the Netherlands (92,657) and well ahead of third place, the UK (40,026).

22. 63 GDPR fines have been issued in Germany so far

Enforcement Tracker has been keeping tabs on all GDPR fines for which information is made publicly available. Of 1,169 entries in its database, 63 (5.38 percent) were issued in Germany.

GDPR Enforcement Tracker Germany
Source: Enforcement Tracker

23. The average cost of a data breach in Germany is $4.45 million

IBM’s Cost of a Data Breach Report 2021 provides a wealth of information about how breaches impact organizations. One key area of study is the overall cost of a data breach, which can be extremely high for some firms. In Germany, the average cost of a breach was $4.89 million (up from the $4.5 million of 2020). This put it in the top four regions, behind the US ($9.05 million), the Middle East ($6.93 million), and Canada ($5.40 million).

24. 57% of breaches are caused by malicious attacks

So what causes these expensive data breaches? IBM revealed in its Cost of a Data Breach Report 2020 that the majority (57 percent) of data breaches in Germany result from malicious attacks. The only region with a higher percentage is the Middle East where 59 percent of breaches stem from malicious attacks. In Germany, 24 percent of breaches occur due to system glitches and 19 percent as a result of human error.

25. Germany has the highest rate of organizations with fully deployed security automation

With high breach costs and a significant portion of breaches resulting from malicious attacks, it’s perhaps not surprising that German organizations are the most likely to have fully deployed security automation, with 30 percent of organizations falling under this category. A further 45 percent have partially deployed security automation. The global averages for these figures are 21 percent and 38 percent respectively.

26. Germany has the shortest data breach identification and containment time

The popularity of security automation could be a reason that German companies are the quickest to identify and contain a breach. Identification occurs within 128 days, well below the global average of 207 days. Containment takes 32 days compared to the average of 73. The second quickest country is Canada, but it takes 40 days longer to identify and 16 days longer to contain a breach.

27. Germany is the country most affected by stalkerware in Europe

stalkerware study by Kaspersky found that Germany saw the highest number of incidents of stalkerware of all European countries investigated (some 1,012 incidents). This was despite a 34.5 percent reduction on the previous year (1,546 incidents recorded in 2020).

Kaspersky 2021’s top 10 countries affected by stalkerware - Europe
Source: Kaspersky

On a global scale, there were four countries with higher rates than Germany, starting with Russia, followed by Brazil, the US, and India.

28. Employees use an average of 70 passwords

The LastPass 3rd Annual Global Password Security Report offers useful information about how employees use passwords and Multi-Factor Authentication (MFA). The study found that German employees use an average of 70 passwords each. This sounds quite high but it’s still far fewer than the number of passwords Belgian employees have to juggle (112). LastPass also found that German employees reuse an average of 13 passwords. This was about average, but really, even one reused password is a big no-no when it comes to password security.

29. 32% of businesses use MFA

MFA adds an extra step to login processes, enhancing account security. LastPass discovered that 32 percent of German organizations have employees that use MFA, putting it sixth behind Denmark, the Netherlands, Switzerland, Belgium, and the UK.

30. Newly discovered malware variants are up by 20% on the previous year

BSI Germany reported in 2021 that it had discovered 144million new types of malware, up 20% from 2020. This equates to an average of 394,000 malware attacks each day.

31. Revenue from the cyber security market is estimated to reach US$6.44bn in 2022.

A recent report from Statista found that revenue in the cyber security market is expected to reach a record high of almost $6.5bn in 2022. By 2027 this figure is projected to reach a market volume of US$11.73bn.

FAQs about cyber security and cyber crime in Germany

What is the punishment for cyber crime in Germany?

Anyone found guilty of breaching rule 263a of the German Criminal Code can receive up to five years in prison or a fine as punishment for their crimes, depending on the severity.

How do I report a scammer online in Germany?

People who have been affected by online fraud, a scam, or are a victim of a cybercrime in Germany can report the crime to their local police station. You can file a report online or visit your local police station to report it to a police officer in person.

See also: