Germany cyber security and cyber crime statistics

Every country is impacted by cyber crime to some extent, not least Germany. Citizens and organizations operating in Germany feel the wrath of ransomware attacks, malicious hacks, phishing schemes, and more. There is strong awareness of cyber crime in the country and businesses are making efforts to stay ahead of the game, but it’s difficult to sidestep the advancing technologies employed by cyber criminals.

Below, we summarize some of the findings of the latest studies and reports with respect to cyber crime and cyber security in Germany.

1. Almost 80% of German companies were the subject of a successful attack within 12 months

The CyberEdge Group 2020 Cyberthreat Defense Report (CDR) reveals information about cyber attacks across the globe. Responses from IT professionals in Germany suggest that 79.2 percent of organizations in the country dealt with a successful cyber attack in the year prior to the study. This was a better figure than those seen in Mexico (93.9 percent), Spain (87.5 percent), and Italy (85.7 percent). But several countries including Canada, Japan, and Australia saw a lower percentage of business attacked.

Percentage of companies hit with cyber attacks.
Source: CyberEdge

2. Over 60% of German organizations had to deal with a ransomware attack within a 12-month period

CyberEdge took a special interest in ransomware attacks and discovered that 60.6 percent of German companies experienced such an attack. The country was in the middle of the pack with China (76.0 percent) being hit the hardest and Japan (36.7 percent) seeing the lowest portion of businesses hit with ransomware.

3. German companies spend around 11% of their IT budget on security

So how much are companies spending to combat cyber crime? CyberEdge found that German firms spend 11.4 percent of their IT budget on security. This is on the lower end of the scale with Japan (10.6 percent), France (10.6 percent), the UK (11.2 percent), and Singapore (11.3 percent) rounding out the bottom five. Mexico topped the list at 15.9 percent followed by Saudi Arabia at 15.3 percent.

4. The IT budgets of German organizations increased 4.4% in 2020

One of the reasons for Germany being on the lower end of the scale is that companies in most countries increased their ITbudgets by a higher percentage in 2020. German organizations saw the second lowest increase at 4.4 percent ahead of only Japan at 3.9 percent. Colombian businesses increased IT spending the most at 6.7 percent.

5. Over 75% of German companies indicate a preference for machine learning and AI

CyberEdge also sought to find out how companies feel about the place of advancing technologies such as AI and machine learning in security products. Around three-quarters (75.3 percent) of German organizations have a moderate to strong preference for security products that have these types of features. This is on the lower end along with Canada, Japan, and Australia. Turkey, Brazil, Mexico, Saudi Arabia, and Singapore make up the top five in terms of interest in advanced technology in security products.

6. 57% of organizations are attacked by ransomware each year

The Sophos State of Ransomware Report 2020 hones in on the impact of ransomware attacks on organizations all over the world. It found that 57 percent of German companies were subjected to a ransomware attack in the 12 months before the study. This agrees almost exactly with the figure in the CDR above. India topped the chart with 82 percent of organizations hit with attacks and South Africa was at the bottom with 24 percent of companies having to deal with ransomware.

7. 31% of companies stopped attacks before data was encrypted

Germany did quite well at stopping ransomware in its tracks. Sophos found that almost one third of attacks were stopped before data was encrypted. This put it in the top seven countries, with Turkey leading the pack having been able to stop 51 percent of attacks.

Chart showing percentage of attacks stopped.
Source: Sophos

8. Ransoms were paid by 12% of organizations

The fact that German firms were able to block a significant portion of attacks no doubt contributed to the relatively low portion of companies that paid their requested ransoms. 12 percent of businesses paid up, compared to India where 66 percent of companies handed over funds.

9. The average cost of ransomware attacks in Germany was more than $470,000

Sophos also took into consideration the cost of remediation for a ransomware attack. In Germany, the average cost was $470,000 which was well below the global average of around $750,000. Swedish firms face the largest costs to remediate ransomware attacks, shelling out an average of $2.75 million.

10. 77% of companies hold cyber security insurance

One more interesting insight from the Sophos report pertained to cyber security insurance. More than three-quarters of German companies have cyber security included in their policies. It sounds quite high but actually puts the country in the bottom six of those studied. Sophos notes that this is surprising given that Germany is a developed country and sees above-average levels of ransomware. Half of companies that hold cyber insurance have ransomware included in their insurance policy.

11. 28% of companies pay for standalone cyber insurance

Delving a little further into cyber insurance, the Hiscox Cyber Readiness Report 2021 looked specifically at standalone cyber insurance. This is often more comprehensive than combined coverage so is viewed as a better indicator of a firm’s cyber readiness. 28 percent of German companies have a standalone cyber insurance policy in 2021, an increase of four percent compared to 2020. Belgium (30 percent) and the US (33 percent) were the only countries with a higher figure for 2021.

Graph showing the percentage of companies with standalone cyber insurance.
Source: Hiscox

12. Germany dealt with the highest median cost of cyber attacks

An interesting statistic from the Hiscox report was the median cost of a cyber security attack. Out of the eight countries in the study, Germany faced the highest median costs at $24,000. What’s more, it found that firms in Germany spent the most money on security, an average of $5.5 million.

14. 74% of ransomware attacks occurred through phishing emails

We know that phishing is a key vehicle for ransomware attacks, but it may be more prominent than previously thought. Overall, Hiscox found that 65 percent of ransomware attacks occur via phishing emails, but that percentage is quite a bit higher in Germany (74 percent) as well as in the Netherlands (76 percent).

15. Germans received the second highest share of malicious mailshots in 2020

A spam and phishing study conducted by Kaspersky revealed the frequency of malicious correspondence in various regions. It uncovered that in 2020, Germany was the second most targeted country by malicious mailshots, receiving a 7.28 percent share of malicious email campaigns. Notably, Germany had been in the top spot since 2015. This year, Spain was a larger target, receiving an 8.48 percent share.

Map of malicious mailshots.
Source: Kaspersky

16. Germany was the source of over 10% of spam in 2020

Kaspersky also found that Germany was a significant source of spam in 2020 with 10.97 percent of spam originated in the country. The only country with a higher portion was Russia, accounting for a whopping 21.27 percent. Closely following Germany was the US (10.47 percent), then China (6.21 percent).

17. Around 1% of scam websites have a German .de domain

After reading the above statistic, it makes sense that 1.23 percent of scam websites have a .de domain. This put it in fourth place behind .com (24.36 percent), .ru (2.12 percent), and .com.br (1.31 percent).

18. More than 300,000 COVID-related malicious files have been detected since May 2020

In May 2020, McAfee began tracking COVID-19 related malicious file detections across the globe. Germany is the ninth-most impacted country so far, seeing 338,552 malicious file detections over the roughly two-year period. While this is a fairly high number, the US has seen a staggering 2.56 million detections and Spain has observed 2.13 million.

Graph showing COVID related file detections.
Source: McAfee

19. Out of 75 countries studied, Germany ranks 44th for overall cyber security

A Comparitech study analyzed a range of cyber security statistics to paint a holistic view of the state of cyber security in 75 countries. Germany fared okay, but featured in the lower half of the sample in 45th place. It received a score of 19.57, where a low score is better. The top-performing country was Denmark with 3.56, while the country that seems to be most lacking in terms of cyber security was Tajikistan with 35.54.

20. Germany has dished out €69 million worth of GDPR fines

A 2021 data breach report by DLA Piper reveals a plethora of information about fines that have been issued since the GDPR went into effect in 2018. During that period, Germany is the second largest issuer of GDPR fines having penalized companies to the tune of €69,085,000. The only country to have issued a higher amount in fines is Italy with €69,328,716.

21. The second largest GDPR fine to date was issued in Germany

A big contributor to the above figure was the fact that Germany issued the second largest GDPR fine to date. The Hamburg data protection supervisory authority fined global retailer H&M €35.26 million. DLA Piper reveals that the seventh and ninth largest fines were also issued in Germany.

22. Germany has had the highest number of data breaches

Another area DLA Piper dove into was the number of personal data breaches each region experienced. It found that Germans have experienced the largest number of personal data breaches since the GDPR came into effect. With 77,747 breaches so far, it’s significantly ahead of the Netherlands (66,527) and well ahead of third place, the UK (30,536).

The country also saw the most significant (by far) year-over-year increase with around 40,000 breaches in 2020 compared to roughly 25,000 in 2019.

23. 30 GDPR fines have been issued in Germany so far

Enforcement Tracker has been keeping tabs on all GDPR fines for which information is made publicly available. Of 638 entries in its database, 30 fines were issued in Germany.

The GDPR fines issued in Germany.
Source: Enforcement Tracker

24. The average cost of a data breach in Germany is $4.45 million

IBM’s Cost of a Data Breach Report 2020 provides a wealth of information about how breaches impact organizations. One key area of study is the overall cost of a data breach, which can be extremely high for some firms. In Germany, the average cost of a breach was $4.5 million. This put it in the top four regions, behind the US ($8.64 million), the Middle East ($6.52 million), and Canada ($4.50 million). While these costs were high, Germany was one of few regions that saw lower costs compared to the previous year, with expenses declining 4.8 percent.

25. 57% of breaches are caused by malicious attacks

So what causes these expensive data breaches? IBM discovered that the majority (57 percent) of data breaches in Germany result from malicious attacks. The only region with a higher percentage is the Middle East where 59 percent of breaches stem from malicious attacks. In Germany, 24 percent of breaches occur due to system glitches and 19 percent as a result of human error.

26. Germany has the highest rate of organizations with fully deployed security automation

With high breach costs and a significant portion of breaches resulting from malicious attacks, it’s perhaps not surprising that German organizations are the most likely to have fully deployed security automation, with 30 percent of organizations falling under this category. A further 45 percent have partially deployed security automation. The global averages for these figures are 21 percent and 38 percent respectively.

27. Germany has the shortest data breach identification and containment time

The popularity of security automation could be a reason that German companies are the quickest to identify and contain a breach. Identification occurs within 128 days, well below the global average of 207 days. Containment takes 32 days compared to the average of 73. The second quickest country is Canada, but it takes 40 days longer to identify and 16 days longer to contain a breach.

28. Germany is the country most affected by stalkerware in Europe

A stalkerware study by Kaspersky found that Germany saw the highest number of incidents of stalkerware of all European countries investigated. 1,546 incidents were recorded in 2020, compared to 1,144 in Italy and 1,009 in the UK.

A chart of stalkerware incidents.
Source: Kaspersky

On a global scale, there were five countries with higher rates than Germany, starting with Russia, followed by Brazil, the US, India, and Mexico.

The report also noted that for the past several years, Women’s Counselling Centers and Rape Crisis Centers have seen an increase in the use of stalkerware in partner relationships.

29. Employees use an average of 70 passwords

The LastPass 3rd Annual Global Password Security Report offers useful information about how employees use passwords and Multi-Factor Authentication (MFA). The study found that German employees use an average of 70 passwords each. This sounds quite high but it’s still far fewer than the number of passwords Belgian employees have to juggle (112). LastPass also found that German employees reuse an average of 13 passwords. This was about average, but really, even one reused password is a big no-no when it comes to password security.

30. 32% of businesses use MFA

MFA adds an extra step to login processes, enhancing account security. LastPass discovered that 32 percent of German organizations have employees that use MFA, putting it sixth behind Denmark, the Netherlands, Switzerland, Belgium, and the UK.

See also: