Cyberattacks: Companies Need a Paradigm Shift
Many companies simply lack the necessary awareness to recognize the threats they face. To ensure secure operations, businesses must redefine their processes and governance models.
The digital transformation of German companies is advancing rapidly. The same, however, applies to cybercrime. Every day, businesses suffer significant damage from denial-of-service attacks, ransomware, and more. Yet for many companies, the prevailing mindset remains: reaction instead of prevention. This must change if digital transformation is not to be put at risk.
Without Awareness, There Is No Solution
First and foremost, companies must become aware of the problem. Only when the executive board fully grasps what is at stake can far-reaching, structural processes be implemented. Even today, too many CISOs report a lack of close collaboration with management and a predominantly reactive approach. The executive board must therefore not only be kept informed but also actively involved. Otherwise, minimizing damage will remain out of reach. And the damage inflicted on the German economy is already substantial. According to a study by the digital association Bitkom, the cost of digital industrial espionage, sabotage, and data theft amounted to 43.4 billion Euro in 2017 and 2018 based on conservative estimates. The German mid-sized business sector (Mittelstand) has long since become a target for attackers.
Proactive Defense
Many companies still rely on a reactive approach to defending against cyberattacks. What can help here is a mature system of metrics and measurements for assessing cyber risks. Cyber risks must be quantified and communicated to the executive board. However, due to the ever-growing volume of data, maintaining oversight is becoming nearly impossible. Since this oversight is essential and human capacity alone is no longer sufficient, companies must turn to tools based on automation and machine learning. These technologies often represent a sensible and cost-effective alternative.
Unstable IT Undermines Reputation
Even though many companies have largely modernized their IT infrastructure and invested heavily in new technologies, many fail to adapt their organization, processes, and governance models accordingly. This can lead to disruptions, outages, and data breaches that severely impact revenue, profits, and especially corporate reputation. A paradigm shift is therefore urgently needed in German companies: a corporate culture must emerge in which defending against cyberattacks is recognized and treated as a core challenge. This is not a one-time reform. Companies – and particularly their executive boards – must continuously respond to an ever-evolving threat landscape to avoid facing even greater problems down the line.
Key Facts
Damage Volume: Cybercrime causes global damage exceeding 8 trillion Euro annually.
Skills Shortage: There is a worldwide shortage of over 3.5 million cybersecurity professionals.
Frequently Asked Questions
What are the most common cyber threats for businesses?
According to the BSI (Federal Office for Information Security) threat report, ransomware, phishing, DDoS attacks, and supply-chain compromises are the most prevalent threats. German companies also face regulatory risks (GDPR, NIS2).
How much should a company invest in cybersecurity?
Industry experts recommend allocating 10 to 15 percent of the IT budget to cybersecurity. According to Bitkom, German companies currently average 14 percent. What matters is not just the amount, but the strategic distribution across prevention, detection, and response.
Does every company need a CISO?
Not every company needs a full-time CISO, but every company needs clear accountability for IT security at the executive level. SMEs can rely on an external CISO (Virtual CISO). With NIS2, management responsibility is now legally mandated.
Fact: According to AV-TEST, over 450,000 new malware variants are discovered daily.
Fact: German companies invest an average of 14 percent of their IT budget in cybersecurity, according to Bitkom.
TL;DR
- A study by the digital association Bitkom estimates that the damage caused by digital industrial espionage, sabotage, and data theft amounted to 43.4 billion Euro in 2017 and 2018 based on conservative calculations.
- Many companies simply lack the necessary awareness to recognize the threats they face.
- To ensure secure operations, companies must redefine their processes and governance models.
- Every day, businesses suffer significant damage from denial-of-service attacks, ransomware, and similar threats.