The digital threat landscape for German companies is reaching new heights. Cyberattacks, industrial espionage and digital sabotage are now causing damage running into hundreds of billions of euros and are increasingly becoming a structural risk to competitiveness, supply chains and technological sovereignty. The latest report “Economic Security 2025” by the digital association Bitkom highlights not only the economic scale of the threat but also a fundamental shift in the attack landscape: cybercrime is becoming more professional, state actors are acting more aggressively, and artificial intelligence is transforming both defence and attack.

The figures mark a new record high.

In 2025, the total damage caused by theft, industrial espionage and sabotage will amount to around 289.2 billion euros. This clearly continues the negative trend of recent years. In 2024, the damage stood at 266.6 billion euros, and in 2023 at 205.9 billion euros. Particularly noteworthy: around 70 per cent of the total losses are now directly attributable to cyberattacks. This means that digital attacks alone are causing losses of over €202 billion.

Cyberattacks are becoming the new normal

The study highlights just how much perceptions of the threat landscape have changed. 72 per cent of companies now rate the risk posed by data theft, industrial espionage and sabotage as high. Almost one in three companies even describes the threat as “very high”. At the same time, 97 per cent of the companies surveyed state that they have been affected by attacks, or are suspected of having been affected, within the past twelve months. 87 per cent report specific incidents. This means that the German economy is once again approaching the previous record high set in 2021.

What is striking here is the clear dominance of digital forms of attack.

Information and production systems are particularly frequently affected. 73 per cent of companies report digital sabotage of operational processes or IT systems. Also widespread are the digital theft of business data (66 per cent) and the spying on digital communications such as emails or messenger services (62 per cent). Although analogue attack patterns remain relevant, they occur significantly less frequently.

This development highlights a fundamental shift in economic risks. Whereas in the past it was primarily physical production assets or buildings that needed protecting, today data, communications and digital processes are at the heart of the threat. Communications data is now regarded as a particularly attractive target. 69 per cent of affected companies report the theft of such information. Customer data follows at 57 per cent, and financial data at 39 per cent. Even intellectual property such as patents or research data is now being stolen from almost one in three affected companies.

Organised crime and intelligence services are on the attack

The landscape of perpetrators is also changing significantly. Organised criminal groups are particularly frequently cited as the attackers. 68 per cent of affected companies attribute incidents to organised crime. At the same time, however, the study reveals a trend that is particularly explosive in terms of security policy: the proportion of attacks attributed to foreign intelligence services is rising sharply.

Whilst in 2023 only seven per cent of companies cited such actors, the figure had already risen to 28 per cent by 2025. As a result, the boundaries between traditional cybercrime, industrial espionage and geopolitical influence are becoming increasingly blurred.

Companies are thus increasingly becoming the focus of state-sponsored or state-tolerated attacks.

Russia and China are cited particularly frequently as the countries of origin. In each case, 46 per cent of the affected companies identified at least one attack originating from these states. Russia has seen a significant increase compared to the previous year. Other relevant regions of origin include Eastern Europe outside the EU, the US and other EU member states. At the same time, however, the difficulty of modern attribution is also evident: around one in three companies was unable to clearly determine the origin of the attacks.

The increasing professionalism of the perpetrators is also evident in the methods used to identify them. 75 per cent of companies now gain insights into perpetrator networks through the analysis of log files. At the same time, the importance of state security agencies is growing. Already, 35 per cent of companies have received information about attackers from authorities – significantly more than in the previous year. This highlights the growing interdependence between economic security and the state security architecture.

Ransomware remains the most dangerous method of attack

The threat posed by ransomware remains particularly problematic. 34 per cent of companies report damage caused by digital extortion trojans. This means that ransomware remains the most common form of cyberattack causing damage. This is followed by DDoS attacks at 25 per cent, malware infections at 24 per cent and phishing attacks at 22 per cent.

The economic impact of such attacks is significant. Although 70 per cent of affected companies state that they did not pay a ransom, around one in seven companies pays at least once following an attack. The amount demanded is particularly critical: half of the companies that paid transferred more than €100,000 to the extortionists, with individual cases even exceeding €1 million.

Ransomware is thus increasingly evolving from an IT problem into a strategic corporate crisis. This is because, in addition to the immediate loss of data, there are often production downtimes, reputational damage and substantial recovery costs. At the same time, attackers are increasingly using hybrid extortion strategies, in which not only are systems encrypted, but sensitive data is also published.

AI is changing the rules of the game in cybersecurity

Artificial intelligence is introducing a new dynamic to the threat landscape. Two-thirds of companies now believe that attackers are making greater use of AI technologies. New risks are emerging, particularly in the areas of automated phishing campaigns, manipulative communication and the creation of credible deepfake content.

At the same time, however, the importance of AI on the defensive side is also growing. Already, 38 per cent of companies are using AI to improve their IT security or have concrete plans to do so. Overall, as many as 81 per cent are fundamentally open to AI-supported security solutions. Nevertheless, actual implementation has so far been limited: only six per cent are currently actively using AI for cyber defence.

This discrepancy highlights a key problem in the current security landscape. Whilst attackers are operating in an increasingly automated, scalable and AI-supported manner, many companies are still in the early stages of transformation. The pace of technological development thus threatens to outstrip the organisational adaptability of many companies.

Supply chains are becoming a security risk

The increasing vulnerability of interconnected supply chains is particularly critical. Around one in four companies reports that suppliers have been affected by data theft, sabotage or industrial espionage, or that there was a corresponding suspicion. In 41 per cent of these cases, this had a direct impact on the company itself – for example, through production downtime, supply bottlenecks or reputational damage.

As a result, cybersecurity is increasingly shifting from an isolated corporate issue to a systemic challenge. Resilience is no longer determined solely by a company’s own security architecture, but by the security of entire digital ecosystems. This gives rise to significant cascading risks, particularly in KRITIS sectors and highly interconnected industrial environments.

Companies are investing – but is that enough?

The German economy is now responding with rising investment in cybersecurity. The share of the IT security budget in the total IT budget will average 18 per cent by 2025 – twice as high as in 2022. Furthermore, 59 per cent of companies now have an emergency management plan in place in the event of data theft, sabotage or industrial espionage.

At the same time, however, a significant proportion of the economy remains inadequately prepared. 39 per cent of companies still do not have a structured contingency plan. Given a threat landscape that most companies perceive as continuing to grow, this poses a significant risk.

For the outlook for the coming months is clear: 82 per cent of companies expect a further increase in cyberattacks. More than one in three companies even anticipates a sharp rise. The threat landscape is thus no longer perceived as a temporary crisis situation, but as a permanent feature of economic reality.

Cybersecurity is becoming a matter of economic sovereignty

The Bitkom study makes it clear that economic security today goes far beyond traditional IT security. Cyberattacks no longer affect only individual companies, but increasingly the stability of supply chains, the capacity for innovation and the economic competitiveness of entire economies.

This also brings the issue of digital sovereignty more sharply into focus. When foreign intelligence services pursue economic objectives, supply chains become vulnerable and digital infrastructures turn into a field of geopolitical conflict, cyber security is evolving into a central task of industrial and security policy.

The key challenge in the coming years will therefore not lie solely in better protecting individual systems. Rather, it is a matter of establishing resilience as a strategic principle – technologically, organisationally and geopolitically at the same time.