BERLIN (Reuters) - German companies, particularly small ones, and local governments need to invest far more in cyber security as increasingly organised hackers see them as easy targets for ransomware attacks, the BSI information security office said on Thursday.
In its annual report, BSI said it recorded an average of two ransomware attacks on local governments or municipal businesses per month, with 68 attacks on companies reportedly successful.
That's even as 2022 saw an unprecedented level of investment in cyber security, at around 7.8 billion euros, it said.
Considering that German firms suffered a loss of 203 billion euros ($215.55 billion) from cyber-attacks last year, further steps are urgently needed, even if many companies see security measures as an obstacle in day-to-day operations, it said.
In ransomware attacks, hackers encrypt an organization's systems and demand ransom payments in exchange for unlocking them. Often, they also steal sensitive data and use it to extort victims and leak it online if the payments are not made.
There is increasing competitive pressure among cyber criminals, who have built up a black-market economy and target the easiest victims - in this case small and medium businesses and local government and municipal websites, BSI said.
In a sign of how widespread the problem is, 68 new software vulnerabilities were reported daily, about 24% higher than in the previous reporting period, according to the report.