Alarming figures: Rise in online crime against businesses

The number of digital attacks on companies is increasing. In some cases, this results in considerable damage. The latest studies by KPMG Austria and Deloitte show how online crime is developing and how companies can protect themselves. 

Alarming numbers are published in the studies “Cybersecurity in Austria” by KPMG Austria together with the Competence Center Secure Austria (KSÖ) as well as in the “Cybersecurity Report” by Deloitte. Every eighth company reports attacks in the digital domain almost daily. Just as many have already suffered economic damage worth more than one million euros due to cyberattacks. Criminal activity has tripled and the range of attacks is wide.

The field of identity theft has grown the most, with an increase of 490%. Industrial espionage, or “advanced persistent threats”, and incidents by employees increased 290%. Data theft is up at 229%, and social engineering attempts have already tripled.

According to Deloitte, the impact of ransomware, i.e. malware that locks computers and encrypts data on them, has worsened significantly: in the previous year, three quarters of all extortion attempts of this type were prevented by technical infrastructure. Now the figure is only 41%.

A good backup strategy does help in the event of damage, but here the value of complete data recoveries has fallen from 59 to 41%. Both studies agree that ransoms were paid in the rarest of cases. The economic damage caused is widespread, as the interruption to company processes can last a long time because of such attacks. For 14% of affected companies, this business interruption lasted longer than four weeks. 

Karin Mair, Managing Partner Risk Advisory and Financial Advisory at Deloitte Austria, therefore warns, “So there is a clear need for action.” Because, despite the worsening threat situation, half of the companies are not taking active countermeasures. Mair therefore calls for clear recommendations for action, such as regular security tests, constant scanning for attacks and the establishment and testing of emergency plans. The latter is particularly important, as it enables a faster response in the event of damage.

According to the publications, one of the main reasons for the drastic increase in online crime is the war in Ukraine. KPMG has determined that one third of all companies see a clear connection, while Deloitte’s figure is as high as 57%. The conflict has undoubtedly led to a change in thinking among many decision-makers. Nearly half of the companies surveyed by KPMG report that the emotional importance of cybersecurity has changed because of the Russian war. Despite this, only 15% have increased their investment in cybersecurity. 

According to the study “Cybersecurity in Austria”, social engineering, the influencing of people, is gaining strongly in importance. Technologies such as “neural networks”, which can automatically create texts and images, and so-called “deepfakes”, which imitate voices or faces online, offer criminals new tools. More than one in five companies were victims of deepfake fraud attempts last year.

“Cybersecurity is a people business. Attacks are targeting people more, but awareness around criminals’ strategies is also growing. It’s an arms race,” says Robert Lamprecht, author of the KPMG study.

“Cybersecurity is the topic of the future par excellence,” Wolfgang Hesoun, Chairman of the Infrastructure Committee of the Federation of Austrian Industries (IV), is certain. It also creates a significant competitive advantage: “Companies need predictability and security. The image of a cyber-secure business location is therefore essential to keep domestic companies in the country and to signal to companies from abroad that they can rely on a secure cyber infrastructure in Austria that proactively counters attacks and protects sensitive company data.”