70% of Swiss industrial companies affected: cyberattacks cause so much damage
It can be expensive: individual companies complain of damages of up to 2 million Swiss francs. This shows a new survey from Swissmem, which the association created with the University of Bern.
It can affect anyone, big or small: in the past two years, 70% of Swiss industrial companies have been victims of a cyberattack. This is the result of a survey carried out by the local machinery, electrical and metals industry association Swissmem among its 1200 member companies – in collaboration with the Institute of Criminal Law and Criminology of the University of Bern.
Individual companies have been attacked more than 20 times during this period, as Professor Ueli Hostettler from the University of Bern explained during the presentation of the study at Swiss Industry Day on Thursday. One of the reasons for the increase in attacks is the ongoing digitization, which has received an additional boost from the pandemic. “Decentralization has extended the attack surfaces again,” Hostettler points out.
The most common form of attack was the so-called “CEO scam”, in which criminals attempt to trigger payments with the fake identity of the boss. About half of businesses that have experienced cyberattacks in the past 24 months have been affected. More than 40% were victims of so-called “phishing emails”, more than 20% of viruses or Trojans.
Amount of damage: up to 2 million Swiss francs
The damage suffered by businesses varies greatly, both in terms of scale and financial consequences. According to a survey, around 82% of the incidents resulting from the cyberattack resulted in no restrictions or only easily digestible restrictions that could be remedied after a short period of time. For 16%, on the other hand, the attack resulted in “notable restrictions”, and for a good 2%, it even endangered the existence of the company.
The amount of damage is estimated at up to 10,000 francs in about 40% of incidents, and in almost 33%, the attack caused costs of 10,000 to 100,000 francs. In a fifth, the amount of damage was higher, in more than 6% it was even more than one million Swiss francs. The highest amount of damage mentioned in the investigation is 2 million francs, as explained by Hostettler.
The costs are mainly due to expenditure for immediate preventive and investigative measures, for external advice or for the recovery of data and IT infrastructure.
Cybersecurity is the boss’s business, says the boss
Swissmem President Martin Hirzel was pleased that most of the cyberattacks against Swiss industrial companies went smoothly. He also attributes this to the high level of awareness about it. This is also reflected in the fact that companies have on average no less than 25 protection and intervention measures. But attention must not wane, said Hirzel. Training of employees, regular analyzes of risks and weak points, constant development of protection systems – as well as well-rehearsed crisis management are necessary. Responsibility for this rests with company management, Hirzel added. “Safety is a top priority.”