German Businesses Ill-Prepared for Hybrid Attacks, New Study Reveals
Germany’s economic resilience faces a growing threat from hybrid attacks – coordinated efforts combining cyber warfare with physical disruption – yet a significant portion of the country’s businesses are woefully unprepared to withstand them. A recent study by Bitkom, Germany’s leading association for information technology, telecommunications and new media, paints a concerning picture of vulnerability, revealing that many companies could see operations crippled within a day of a major internet outage. This lack of preparedness extends beyond technical defenses, highlighting a broader demand for increased awareness and proactive measures across the German economy.
The study, which surveyed 604 companies with 10 or more employees, found that approximately 20% would be forced to halt operations immediately following an internet disruption, while a further 60% could only maintain business for up to 20 hours. Only 8% of companies believe they could continue operating for more than 48 hours. This dependence on internet connectivity underscores a critical weakness in Germany’s infrastructure, making it a prime target for hybrid attacks designed to destabilize critical systems. The findings come as geopolitical tensions rise and the threat of state-sponsored and non-state actor attacks increases globally.
“Hybrid attacks on Germany, which take place in a gray area between war and peace, are not a potential risk, they are a reality,” stated Dr. Ralf Wintergerst, President of Bitkom, in a press release accompanying the study’s publication. “we must massively increase the resilience of the economy, the state, and society.” The sectors identified as particularly vulnerable include energy, banking and insurance, healthcare, and telecommunications and IT infrastructure. These sectors are not only vital to the functioning of the German economy but also represent attractive targets for adversaries seeking to inflict maximum disruption.
Awareness High, Implementation Lacking
Despite the growing awareness of the threat, the study reveals a significant gap between recognizing the danger and implementing effective protective measures. A majority (59%) of companies surveyed believe it is likely they will become the target of a hybrid attack, and 61% consider protection against these attacks to be a top priority for leadership. However, a substantial 40% of companies report feeling completely unprepared, while another 38% sense only poorly prepared. A mere 12% consider themselves adequately equipped to defend against such attacks, and none rated their preparedness as “very good.”
The core issue, according to Bitkom, is a lack of comprehensive and widespread protection. The study found that only one in ten companies regularly conducts crisis simulations to test their response capabilities. This lack of practical preparation leaves businesses vulnerable to unforeseen consequences and hinders their ability to effectively mitigate the impact of an attack. The need for regular drills and exercises is paramount to identifying weaknesses and refining response strategies.
Dr. Wintergerst emphasized the urgency of closing the gap between awareness and protection, stating, “We must close the gap between awareness of the dangers and the level of protection as quickly as possible.” This requires a concerted effort from both the public and private sectors to invest in cybersecurity infrastructure, develop robust incident response plans, and foster a culture of security awareness throughout organizations.
IT Service Providers Offer Support
IT service providers, such as CANCOM, are positioned to assist companies in bolstering their defenses against hybrid threats. CANCOM offers a range of cybersecurity solutions designed to help businesses secure their digital infrastructure and enhance their overall resilience. These services include comprehensive cyberattack protection and the implementation of strategies to strengthen digital resilience – crucial components in safeguarding against hybrid attacks. More information on CANCOM’s cybersecurity services can be found here.
The nature of hybrid attacks demands a holistic approach to security, encompassing not only technological defenses but also organizational preparedness and employee training. Companies must adopt a proactive stance, continuously monitoring their systems for vulnerabilities and implementing robust security protocols to mitigate the risk of compromise. This includes investing in advanced threat detection technologies, implementing multi-factor authentication, and regularly updating software to patch security flaws.
Understanding Hybrid Attacks
Hybrid attacks represent a significant evolution in the threat landscape, moving beyond traditional cyberattacks to incorporate physical disruption and manipulation. These attacks often target critical infrastructure, such as power grids, transportation networks, and communication systems, with the goal of causing widespread chaos and undermining public trust. The coordinated use of different tactics makes hybrid attacks particularly challenging to defend against, requiring a multi-layered security approach that addresses both cyber and physical vulnerabilities.
According to a report by the European Union Agency for Cybersecurity (ENISA), hybrid attacks are characterized by their ambiguity and the difficulty in attributing responsibility. ENISA’s report on hybrid threats details the various tactics employed by adversaries and provides guidance on how to enhance resilience against these attacks. The report highlights the importance of information sharing and collaboration between government agencies, private sector organizations, and international partners.
Bitkom’s Role in Strengthening Cybersecurity
Founded in 1999, Bitkom e.V. Serves as the leading trade association for Germany’s information and telecommunications industry. With over 2,200 member companies, Bitkom plays a crucial role in shaping cybersecurity policy and promoting best practices. Currently led by President Ralf Wintergerst and CEO Bernhard Rohleder, Bitkom actively engages with policymakers, industry leaders, and researchers to address the evolving cybersecurity challenges facing Germany. Further information about Bitkom and its activities can be found on its official website.
Bitkom’s recent initiatives include advocating for increased investment in cybersecurity research and development, promoting the adoption of cybersecurity standards, and raising awareness among businesses and the public about the importance of cybersecurity. The association also provides training and certification programs to help professionals develop the skills needed to protect against cyber threats.
The Path Forward: Building Resilience
Addressing the vulnerability highlighted by the Bitkom study requires a multi-faceted approach. German businesses must prioritize cybersecurity investments, conduct regular risk assessments, and implement robust incident response plans. Government agencies need to strengthen critical infrastructure protection, enhance information sharing, and foster collaboration between the public and private sectors. Investing in cybersecurity education and training is essential to building a skilled workforce capable of defending against evolving threats.
The increasing sophistication and frequency of hybrid attacks demand a proactive and comprehensive approach to security. By prioritizing resilience and investing in robust defenses, Germany can mitigate the risk of disruption and safeguard its economic stability in an increasingly complex and interconnected world. The next key date to watch is March 10, 2026, when Bitkom@eight will host a conference with Björn Böhning, State Secretary in the Federal Ministry of Finance, to discuss these critical issues.
What are your thoughts on Germany’s preparedness for hybrid attacks? Share your insights and concerns in the comments below, and please share this article with your network to raise awareness about this critical issue.