In the fight against computer crime, German firms are increasingly afraid of their own employees. Carelessness and incompetence are a major risk - but sometimes the workers themselves are data thieves.
Around two-thirds of German companies fear cyber-attacks from organized crime, a new survey by the consultancy KPMG revealed this week. And half of companies admitted that they felt threatened by employees, former employees, or other "insiders."
The finding were part of a study KPMG presented Tuesday (10.03.2015), entitled "Computer crime in Germany 2015," which surveyed 505 representative firms.
The last time KPMG presented such an "e-crime" study was in 2013, and much has changed since then, KPMG's e-crime specialist Alexander Geschonneck wrote in his intro to the study.
Awareness of the dangers has been heightened by media reports of spectacular cases of data theft and cyber-attacks in general, but also the revelations made by whistleblower Edward Snowden, which illustrated the reach and power of government agencies working in collusion with major telecom firms.
The companies could be divided into two groups, said Geschonneck: those that had already been victims of cyber-crime, and those that hadn't - or at least weren't aware of it yet. The number of firms affected rose significantly - from 26 percent in 2013 to 40 percent in 2014 - with financial services companies particularly affected. KPMG estimated the total damages caused by cyber-crime in the last two years at 54 billion euros ($58 billion).
According to the survey, the biggest dangers came from organized crime, which 42 percent of firms associated with certain countries - in 2013, a quarter of firms described China and Russia as "dangerous" states. In third place, meanwhile, was the US, which 17 percent of firms named as a country of origin for cyber-attacks - a rise of 5 percentage points since 2013 - almost certainly a consequence of the Snowden revelations.
The survey makes a distinction between foreign and domestic intelligence agencies, and unsurprisingly German firms turn out to be much more afraid of foreign spies than of those working for the German government - though smaller firms (defined as those with a turnover of less than 250 million euros) are significantly more afraid of domestic spies.
The study also showed that companies certainly are aware of their responsibility to keeping data safe - but they don't seem to know what to do about it. The weaknesses they have identified include the administration of system access - three-quarters of the companies said they knew that this was an area where they could improve. They were also skeptical about the use of mobile company devices and mobile hard drives, but interestingly fewer companies were concerned about saving data on external services - more than half of companies had no qualms about using so-called cloud computing.
The companies' awareness of their own weaknesses has also risen - in 2013, fully 99 percent of firms thought they had reacted well to cyber-attacks and had no concerns. Now, a quarter of those affected by e-crime "admit to having weaknesses."
Indeed, more firms are now investing in counter-measures to combat cyber-crime - though many were pessimistic about their effects, since, they felt that hackers were using ever-more innovative weapons. "Given that, a majority of companies think there are no adequate protective measures yet," the report said.