Berlin (dpa) - According to the TÜV association, every company in Germany will fall victim to a cyber attack at some point. The association and many companies are therefore calling for legal requirements for more cyber security. "Politically, there is a need for action on the major European regulations. The security gaps here must be closed quickly," said the President of the TÜV Association, Johannes Bussmann, in Berlin on Monday (June 12).

According to a representative survey commissioned by the TÜV Association, around one in ten companies was the victim of a cyber attack or similar IT security incident last year. "Cyber incidents are no longer an exception in the German economy, they are the rule and part of everyday life," said Bussmann. Sooner or later, it affects every company.

Organized cybercrime the biggest problem

"Cyber attacks with ransomware continue to pose the greatest threat to companies and organizations," said Gerhard Schabhüser, Vice President of the German Federal Office for Information Security (BSI). Time and again, successful attacks occur, sometimes with serious and long-term consequences for those affected, he explained. Especially in smaller companies, cyber security does not yet have the importance it should have. TÜV Association President Bussmann therefore insisted on supporting these companies: "In view of the shortage of skilled workers, we must invest in the expertise of small and medium-sized companies so that they can adequately protect themselves against cyber attacks."

From the companies' point of view, the biggest threat comes from organized cybercrime. However, so-called internal perpetrators, i.e. active or former employees of companies, or state actors also pose a threat. The fact that the number of cyberattacks against German companies has also increased since the start of Russia's war of aggression against Ukraine last year fits into this picture, said Bussmann.

Higher investment in cybersecurity

"Parallel to the fighting on the battlefields, a cyber war is taking place on the internet - and not just in Ukraine, but also here in Germany," said Bussmann. Cyberattacks on defense companies such as Rheinmetall are "no coincidence". Around 16 percent of all companies surveyed had accordingly recorded more attacks on themselves. More than half stated that the war had increased the risk of cyber incidents.

The consequences of such attacks are often serious: "Customer and employee services are often unavailable, production is down or sensitive data is stolen," explained Bussmann. A good one in two companies have therefore also increased their spending on cybersecurity.

The focus is no longer on prevention, but rather on crisis management and the ability to act in the event of an attack. These incidents are also no longer purely IT matters, they have become part of "normal business", in which every employee is affected, explained Bussmann.