Damage to German companies due to cyber attacks is increasing

KPMG study ‘e-Crime in the German economy 2024’

KPMG study ‘e-Crime in the German economy 2024’

  • More than one in three companies have fallen victim to cybercrime in the last two years
  • Total losses increased for more than half of companies
  • The majority of companies rate their own risk as high or very high
  • Phishing, attacks on cloud services and attacks via data leaks are the most common offences

Berlin, 27 May 2024

Cybercrime remains a real threat in Germany: more than one in three companies (35 per cent) in this country has been the victim of a cyber attack in the past two years. The attacks have placed a greater financial burden on a large number of companies than in previous years: For 57 per cent, the total amount of damage has increased. These are the findings of the KPMG study ‘e-Crime in the German Economy 2024’. 

Increasing risk awareness

The majority of companies have realised that e-crime is a real threat. For example, 67 per cent of respondents rate the risk of becoming a victim of cybercrime as high or very high. In 2022, this figure was 61 per cent and 51 per cent in 2019. In addition, 65 per cent of companies expect the risk to increase over the next two years.

Service providers often a gateway for cyber criminals

According to the study, affected companies are most frequently victims of phishing (53 per cent), attacks on cloud services (42 per cent) and data leaks (37 per cent). Computer criminals most frequently direct their attacks against mail servers (39 per cent) and web servers (36 per cent). They also use companies' service providers as a gateway for their criminal activities. More than half (54 per cent) of the affected companies experienced attacks on their own data via the technical infrastructure of service providers.

Computer criminals often do not take a targeted approach, but steal all data to which they can gain access. The most sought-after prey is customer data (47 per cent), followed by the company's bank and financial data (42 per cent) and personnel data (37 per cent). 

Employees remain a significant risk factor

66 per cent of companies see a lack of security awareness among their employees as a major risk for e-crime. 74 per cent therefore rely on training to sensitise their staff. ‘People remain a major risk when it comes to cybercrime. A lack of understanding of security in particular often makes it easy for criminals. Companies should invest in the human firewall, i.e. sensitising their employees,’ says Michael Sauermann, Head of Forensic Technology Germany & EMA at KPMG.

Cyber insurance on the rise

To protect themselves against the financial consequences of e-crime, companies are increasingly turning to cyber insurance. 40 per cent of the companies surveyed have already taken out such insurance and a further 42 per cent are considering taking it out.

About the study

For the study, 750 employees from companies selected on a representative basis according to sector and turnover were asked about their experiences in the field of cybercrime.

Press contact

Clemens Reisbeck

Deputy Head Corporate Communications
KPMG AG Wirtschaftsprüfungsgesellschaft

T +49 89 9282 1722