We Have a Security Problem

In a recent survey of IT managers from German industry, not even half (46%) were convinced that the economy is sufficiently protected against cyber attacks. Less than a third (29%) said they were really familiar with the cyber security regulations and standards relevant to their industry, and a quarter were not familiar with them at all. These are key findings from the "OT+IoT Cybersecurity Report 2024" by the Düsseldorf-based cybersecurity company Onekey. Over 300 industrial companies were surveyed in spring 2024 for the report on the security of industrial control systems (Operational Technology, OT) and in devices for the Internet of Things (IoT).

Underdeveloped risk awareness

The sobering result of the study can be summarized as follows: Although industrial digitalization has been accelerating for years and more and more software is being used in control systems, awareness of the associated cyber risks appears to be significantly underdeveloped among many manufacturers and operators. "This is already a concrete danger for manufacturers and therefore all operators of industrial devices and infrastructures," says Jan Wendenburg, CEO of Onekey.

ERP systems in focus

A study by Onapsis, a provider of ERP security and protection for business-critical SAP applications, came to a similar conclusion. The study looks at ERP security in times of AI-supported ransomware and surveyed 500 cybersecurity decision-makers in companies with 500 or more employees in the DACH region and the UK.

Artificial intelligence is driving the development and spread of ransomware, according to experts. Cyber criminals are using AI to develop more sophisticated and targeted attacks. Machine learning enables ransomware programs to identify and exploit vulnerabilities in networks and systems more quickly, personalize phishing attacks and make them more difficult to detect by traditional security solutions. In Gartner's Emerging Risk Ranking, AI-supported attacks were the biggest concern of the companies surveyed in the first quarter of 2024.

The latest study by Onapsis also confirms that ransomware is a major challenge: A total of 83 percent of companies have experienced at least one ransomware attack in the past year, 46 percent have experienced four or more and 14 percent stated that they have even been exposed to ten or more attacks.

SAP application landscapes and enterprise resource planning (ERP) systems contain the most valuable company data and manage critical business processes. This makes them particularly attractive to ransomware actors. The ERP system was affected in 88 percent of DACH companies that had suffered at least one ransomware attack. Furthermore, 62% stated that the ransomware attack led to downtime of at least 24 hours.

"SAP applications are the operational heart of companies. If this system is paralyzed by a cyber attack, all business and production processes quickly come to a standstill," explains Volker Eschenbächer, VP Sales International EMEA & APAC.

Security operations center providers benefit

A study by consultancy firm Information Services Group (ISG) also confirms that artificial intelligence and the pent-up demand from SMEs are driving demand for robust end-to-end services.

Security operations center service providers benefit particularly strongly. The market research and consulting company examined the portfolio and competitive strength of 85 IT service providers and product providers that support companies and public institutions in fending off cyber attacks and preventing data breaches. "Despite the still tense economic situation, cybersecurity remains one of the most dynamic growth areas," says study author Frank Heuer, who works as Lead Analyst Cybersecurity DACH for ISG, and explains: "While growth in the German IT market as a whole is in the low single-digit range, SOC operators in particular are recording double-digit growth rates."