289 billion euros in damages per year – and yet hardly anything is being done about it? The Bitkom study ‘Economic Protection 2025’ shows that cyber attacks are the new normal, but companies and politicians are slow to respond. Ari Albertini, CEO of FTAPI, demands that cyber resilience must become a top priority. Those who neglect their digital security jeopardise competitiveness, jobs and future investments: €289 billion in damage from cyber attacks – every year. The latest Bitkom study, ‘Economic Protection 2025’, shows relentlessly that cybercrime is no longer an exception, but the new normal.

Almost nine out of ten companies in Germany have already been affected.

However, what is truly alarming is not only the scale of the damage, but also the response to it. While we argue at length about every new regulation or requirement, it seems to be accepted that we lose hundreds of billions of euros every year. There is hardly any outcry, hardly any pressure – as if cybercrime were a natural phenomenon that simply has to be factored in.

But one thing is clear: neither regulations such as NIS-2 nor the discussion about mandatory cyber insurance will solve the problem on their own. Standards are important, insurance can provide relief, but whether voluntary or mandatory, they are no substitute for a holistic strategy. Cyber attacks threaten supply chains, block production, destroy reputations and jeopardise competitiveness and thus also jobs. Anyone who continues to push this risk into the technology corner is misjudging the reality. It is a business risk – and therefore a matter for top management.

And this is where the real task lies: board members and managing directors must make cyber resilience a top priority – with clear responsibilities, investments in prevention and regular risk analyses. Security is not a project that can be ticked off once and for all, but a process that must be lived out on an ongoing basis. Associations, in turn, are called upon to put the issue of economic protection on the agenda with the same energy they devote to tax issues or regulation. Politicians, too, must not limit themselves to imposing requirements, but must actively support companies – especially small and medium-sized enterprises, which otherwise can hardly afford the necessary measures.

Ultimately, it is also a matter of social awareness: cyber attacks are not an abstract threat from the digital sphere, but affect jobs, innovation and competitiveness. Every pound we lose through negligence is money we cannot invest in the future.

My conclusion: economic protection must not remain a niche issue. We must stop tacitly accepting damage and start taking responsibility. Cyber resilience is a question of competitiveness – and thus the most important investment German companies can make today.