High cyber risk for small and medium-sized companies in Germany – but also progress in resilience and support services

High cyber risk for small and medium-sized companies in Germany – but also progress in resilience and support services

2024-11-12 17:10:00

The Federal Office for Information Security (BSI) is once again warning of a critical, but not hopeless, cybersecurity situation in Germany: a massive increase in new malware, increasing threats from ransomware and data leaks, but also increased resilience through international cooperation and improved security measures. characterize the image of the 2024 management report.

Ransomware attacks in particular remain the biggest threat to German companies. In addition to large companies, small and medium-sized companies are increasingly being targeted. The costs for companies are increasing dramatically: in the third quarter of 2023, the average ransom amount paid after ransomware attacks was $850,000. Another worrying trend is the increase in malware, with an average of 309,000 new variants registered every day – an increase of 26 percent compared to the same period last year. Despite these developments, improved international cooperation is beginning to have positive effects, such as the successful takedowns of several international ransomware groups. The IT security standards and crisis prevention for operators of critical infrastructures (KRITIS) were also able to be further developed.

The cybersecurity situation remains difficult for the 3.1 million medium-sized companies in Germany. Smaller companies in particular, which often do not have their own IT staff and whose IT security tasks are limited by time or cost reasons, are often unable to implement basic protective measures. Many medium-sized companies also lack awareness of current threats and their own security risk.

The cyber risk check as a new standard for German medium-sized businesses

In order to provide a targeted remedy here, Der Mittelstand. BVMW developed the CyberRisk Check in collaboration with the BSI – a standard that is specifically tailored to the needs of small and micro-enterprises and from the project funded by the Federal Ministry for Economic Affairs and Climate Protection (BMWK) in the “IT Security in Business” initiative “safe with IT standard” was created. The check is carried out in a structured interview with a certified IT service provider and gives companies concrete recommendations for action to improve their cybersecurity. Participation is financially supported by funding programs at federal and state levels and offers medium-sized companies an important basis for their IT security strategy.

“With the cyber risk check, we have created real added value for medium-sized businesses,” emphasizes Marc Dönges, project manager of the Cybersecurity Transfer Office for medium-sized businesses. “Especially the simple and time-efficient one

Application makes it easier for companies to get started in cybersecurity.” In addition, the Cybersecurity Transfer Office in medium-sized businesses supports small companies with additional offers: The CYBERsicher Check, a free online tool, helps with the initial self-assessment of your own IT security. In In personal CYBER dialogues, companies also receive individual recommendations for action and can thus derive targeted protective measures.

Further information about the cybersecurity transfer office for medium-sized businesses can be found here: www.transferstelle-cybersicherheit.de

About the transfer office for cybersecurity in medium-sized businesses

The aim of the funding project is to increase the cybersecurity level of small and medium-sized companies, craft businesses and start-ups for a secure digital transformation through prevention, detection and reaction. Through information and qualification formats, numerous events nationwide, a detection and response platform for cyber attacks and a broad network of partners, we want to increase the level of cybersecurity in medium-sized businesses and make companies more resilient. The project is carried out by Der Mittelstand, BVMW eV, the FZI Research Center for Computer Science, the Leibniz University of Hannover – Institute for Vocational Education and Adult Education and the tti Technology Transfer and Innovation Promotion Magdeburg GmbH.

The Mittelstand-Digital network offers comprehensive support for digitalization with the Mittelstand-Digital Centers, the IT Security in Business Initiative and Digital Now. Small and medium-sized companies benefit from concrete practical examples and tailor-made, provider-neutral offers for qualification and IT security. The Federal Ministry for Economic Affairs and Climate Protection enables free use and provides financial subsidies. For more information, see www.mittelstand-digital.de.

About the association.

The middle class. BVMW eV is the largest, politically independent and cross-industry interest group for German medium-sized businesses.

Further information at: www.bvmw.de

1731442950
#High #cyber #risk #small #mediumsized #companies #Germany #progress #resilience #support #services

**Interview with Marc Dönges, Project Manager of⁢ the Cybersecurity Transfer Office for ‌Medium-Sized Businesses**

**Editor:** Welcome, Marc Dönges. Thank you for joining us today. The⁤ recent management report from⁤ the Federal Office for Information⁢ Security highlights a challenging cybersecurity landscape in Germany, ‍particularly for medium-sized ⁤businesses.⁣ Can ⁤you elaborate⁣ on ⁢this situation?

**Marc ‍Dönges:** Thank you for having me. Yes,‌ the report indicates a significant increase in‌ ransomware attacks and malware variants, which poses a serious threat to ⁤all companies, especially small and medium-sized enterprises (SMEs). The situation is critical, but ‌we believe it is not ⁤hopeless. The key is to raise‍ awareness ‍and enhance cybersecurity practices.

**Editor:** Ransomware in particular seems to be a pressing issue. ​What specific⁢ threats are SMEs facing, and what are their average​ costs?

**Marc Dönges:** Indeed, ransomware attacks are the biggest ‍concern. Larger companies have ⁢traditionally been the main targets, but now‍ increasingly, SMEs are falling victim ⁣as well.‍ The average ransom ​paid in the third quarter of 2023​ reached $850,000.​ For many smaller firms, ‍this could be devastating,‍ especially since⁤ they often lack robust IT departments and resources.

**Editor:** You mentioned that⁤ many SMEs struggle with IT security‍ due to limited ⁣awareness and resources. How is⁤ the‌ CyberRisk Check designed to help?

**Marc‌ Dönges:** The CyberRisk Check is essentially a tailored tool that provides SMEs with ​a structured ‌way to ⁢assess​ their current cybersecurity posture. Through collaboration with ⁣certified IT service providers, we guide businesses in identifying vulnerabilities and implementing actionable recommendations. It’s ⁤a ‌scalable and accessible option, particularly for those without dedicated IT staff.

**Editor:** That‍ sounds​ promising. You also mentioned that the program⁢ receives financial support. Can you explain how that works?

**Marc Dönges:** Yes, the initiative is backed by funding programs at both the federal ‌and state levels, which helps alleviate financial barriers for medium-sized enterprises. This support ⁤allows more companies⁢ to participate in the CyberRisk Check and adopt necessary security measures without excessive cost burdens.

**Editor:** Beyond the​ CyberRisk Check, what ⁤additional‍ resources are‌ available‌ for ⁣SMEs looking to bolster their cybersecurity?

**Marc ⁣Dönges:** In addition to the CyberRisk Check, we offer the CYBERsicher Check — a free online self-assessment tool to help companies gauge their cybersecurity level. Moreover, we hold personal CYBER ⁢dialogues, which provide tailored recommendations to help SMEs fortify their defenses. Our goal is to empower ⁤these businesses with practical tools and knowledge.

**Editor:** Thank you for sharing this valuable information, Marc. ​What message do you have ⁤for medium-sized businesses regarding the importance of cybersecurity?

**Marc Dönges:** My ⁢message would be ‍to take cybersecurity seriously and actively engage with the resources available. ‍It’s ⁢essential⁤ for ​businesses of all sizes to recognize that their data ‌may be at risk and to act preemptively.⁢ The ⁢landscape is daunting, but with the right measures and support, SMEs can​ dramatically improve their resilience against ⁢cyber threats.

**Editor:** Thank you again, Marc, for your insights⁢ on this critical issue affecting so many businesses.

**Marc Dönges:**​ Thank you for having me. Remember,​ cybersecurity⁤ is a collective responsibility, and we ⁤must work together to strengthen our defenses.

Leave a Replay