Cyber Attacks on German SMEs: 1 in 6 Craft Businesses Hit | Sophos Report

by Anika Shah - Technology
0 comments

German Skilled Trades Face Rising Cybersecurity Threats

Cyberattacks are increasingly common in Germany’s skilled trades, with a significant portion of companies experiencing security incidents. A recent Sophos survey reveals a growing awareness of these risks among management, alongside a persistent shortage of cybersecurity specialists nationwide.

Growing Incidence of Cyberattacks

Sixty percent of German companies in the skilled trades surveyed reported at least one security incident in the past year, with 23.5% experiencing multiple incidents. Only 37.5% reported remaining unaffected during the same period. Specifically, one in six businesses has experienced a cyberattack or security incident [1].

Increased Management Focus on Cybersecurity

Cybersecurity is gaining prominence as a business risk, moving beyond being solely an IT concern. Over 80% of surveyed companies are now addressing cybersecurity more intensively than in previous years. Approximately 29.5% report significantly increased concerns, while another 51.5% are addressing the topic more frequently. This trend reflects a growing understanding at the executive level, which has steadily increased across surveys conducted in 2022, 2024 and 2025 [1].

Key Threats Identified

Phishing is currently identified as the most significant threat, cited by 48% of companies. Other concerns include IT outages (34.5%), data loss (34%), and the misuse or theft of customer data (34%). Human factors similarly play a role, with 34.5% citing careless employee behavior as a risk and 31.5% reporting targeted fraud attempts via phone or in person.

Digital Networks and Security Measures

The survey indicates a high degree of digital integration within the skilled trades. 58% of companies secure networked machines, tools, and systems through specifications, updates, and access controls. However, 29% only protect individual devices, and 10.5% rely solely on manufacturer promises.

Recommendations for Improved Cybersecurity

Sophos recommends that companies in the skilled trades prioritize cybersecurity as a core corporate responsibility and integrate it strategically. Key measures include:

  • Employee training and awareness programs to identify attack patterns.
  • Consistent protection for networked machines, mobile devices, and control systems, including regular updates and access controls.
  • Robust backup concepts and clearly defined emergency procedures to minimize downtime.

Germany’s Cybersecurity Specialist Shortage

Germany is facing a severe shortage of cybersecurity specialists, contributing to record damages of €202.4 billion in 2024 due to cyberattacks [3]. Nine out of ten organizations surveyed reported a shortage of specialists, up from two-thirds in 2023. The total damage caused by cyberattacks in 2024 reached €267 billion, including €179 billion from attacks themselves, and the remainder from data theft, IT equipment loss, and espionage [3].

Legislative Updates

In 2024, German IT security legislation was modernized with the transposition of the second EU Directive on the security of network and information systems (NIS-2) into German law. This expands the number of companies required to implement cybersecurity measures and report cyberattacks [4].

Related Posts

Leave a Comment