A new study has found that a third of small and medium-sized companies have been the victim of industrial espionage. Experts say they should work more closely with authorities to prevent future attacks.
A report released Thursday by a panel of experts including leading research institutes and the Federal Crime Office (BKA) shows that one-third of Germany's small and medium-sized enterprises (SMEs) have been spied upon. The report was part of the WISKOS research project on industrial espionage in Germany and Europe.
Those companies, which are the backbone of the German economy, "develop valuable and sought-after expertise which arouses the interest of competitors and other countries," according to the report.
The expert panel found that a fifth of SMEs had failed to develop strategies for detection or prevention of attacks.
'No company can feel safe'
The study found that 34 percent of the attacks came from within the companies themselves, 44 percent came from outside and 15 percent from both. It is unclear where the other attacks originated.
Esther Bollhöfer of the Fraunhofer Institute for Systems and Innovation Research (ISI), which contributed to the report, said: "The results of our surveys show that no company can feel safe. It can affect all sectors and companies of all sizes."
Researchers interviewed hundreds of businesses and dozens of experts for the surveys and concluded that the number of unreported cases was far higher than previously thought, often because companies either did not realize that a crime had been committed, falsely assessed the situation or did not report it.
The biggest problem: Lax security
Experts say that lax security is the biggest problem, citing the fact that employees often have broad access to sensitive information despite not having to go through background checks before gaining that access. They also warned that companies should encrypt emails and regulate the use of private devices for company business — these were the door through which data was stolen in one-quarter of all cases.
Recently, German prosecutors pressed criminal charges against a Chinese-born engineer who was employed by specialty chemical company Lanxess and is accused of having stolen company secrets with the intent of setting up a copycat chemical reactor in China.
Need for closer cooperation
The report also said that most companies lacked adequate security to protect their computer systems, adding that roughly one-fifth of companies with 50 employees or fewer had no strategy whatsoever to protect against data theft or cyberespionage.
"When it comes to espionage, most companies lack clarity," said Werner Heyer of the State Crime Office of Baden-Württemberg. When companies discover a breach, they often fail to notify authorities.
A representative from Germany's Federal Crime Office said that makes for problems, because "criminal authorities can only succeed if they are immediately notified of such breaches." The report called for companies to work more closely with authorities in order to effectively combat data theft.
Call for update to laws
The experts also pointed out the need for politicians to overhaul laws to better protect German companies against cyberattacks from foreign competitors and state actors.
The panel said Germany's strict separation between economic espionage, which is orchestrated by foreign governments, and competitive espionage, which is done by other companies, no longer made sense.
Michael Kilchling of the Max Planck Institute for Foreign and International Criminal Law (MPICC) said: "Most companies see it as irrelevant and ineffective in terms of detecting and prosecuting data breaches."