As of 2018, Germany’s mechanical and plant engineering industry was the nation’s largest industrial employer. However, a new VDMA report has revealed that the industry is largely ill equipped to handle security risks.
The report, produced by the Mechanical Engineering Industry Association, includes the results of a survey of 66 companies. According to the report, 60 percent of those surveyed say they expect survey incidents to increase. However, to combat this increased threat, only 41 percent of those surveyed said they have implemented a risk management program.
This month marks the one-year anniversary of a devastating cyber attack in Germany. As part of the attack, a hacker released the personal data of thousands of influential people. This included links to confidential information, photographs and credit card details. The attack was apparently carried out by a 20-year-old with low-level hacking abilities, revealing just how unprepared Germany is to defend itself against such attacks.
Well several reports in recent years indicate that Germany is behind when it comes to cybersecurity, attacks in the country aren’t new. In 2014, a report from Germany’s Federal Office for Information Security confirmed that a cyber attack on a German iron plant caused physical damage. At the time, this was only the second confirmed case of a cyber attack physically damaging equipment.
The new VDMA report upholds the notion that the nation is unprepared. Despite apparent security threats, 58 percent of mechanical and plant engineering companies surveyed still don’t have a specified production security employee. However, security staffing seems to be improving. Sixty-eight percent of those companies with more than 1000 employees have an industrial security officer, compared to 46 percent in 2013.
The VDMA report also found that only 23 percent of those companies surveyed regularly inspect the security of the machine and plant network. According to the report, the results of the survey seem to indicate “an approach that is more reactive than proactive.”
On a more promising note, 80 percent of those surveyed have implemented technical measures to prevent security incidents in production. Additionally, awareness of security standards has increased with 83 percent of respondents saying they are familiar with at least one security standard.
Overall, Germany has taken some steps to address cyber threats. In 2015, the country enacted the IT Security Act which aims to improve IT security and prevent the breakdown of critical infrastructure. Under the law, critical infrastructure operators in certain industry sectors are required to implement minimum IT security measures and report IT security incidents.
However, according to VDMA report, none of those companies surveyed have been directly affected by the law and only one fifth actually fall under its jurisdiction.
In an effort to strengthen the country’s cybersecurity as a whole, in October, the legislature proposed an update of the IT Security Act which would expand IT security requirements and reporting obligations for security incidents. According to the VDMA report, only 57 percent of those surveyed have implemented measures to recognize security incidents.
Cyber attacks in Germany over the last decade illustrate the importance of improved cybersecurity efforts for the country. According to a study released by digital association Bitkom last year, cyber attacks have cost German industries nearly $50 billion.
“With its worldwide market leaders, German industry is particularly interesting for criminals,” Bitkom head Achim Berg said in a statement. “Those who do not invest in IT security are negligent and endanger their business.”