Half of German companies hit by sabotage, spying in last two years, BSI says

BERLIN (Reuters) - More than half the companies in Germany have been hit by spying, sabotage or data theft in the last two years, the German IT industry association Bitkom said on Friday, and estimated the attacks caused around 55 billion euros' worth of damage a year. Several high-profile attacks have occurred recently, such as the WannaCry ransomware attacks in May and a virus dubbed "NotPetya" that halted production at some companies for more than a week. Others lost millions of euros to organized crime in a scam called "CEO Fraud". Some 53 percent of companies in Germany have been victims of industrial espionage, sabotage or data theft in the last two years, Bitkom found - up from 51 percent in a 2015 study. At the same time, the damage caused rose by 8 percent to around 55 billion euros a year, the survey of 1,069 managers and people responsible for security in various sectors found. Arne Schoenbohm, president of Germany's BSI federal cyber agency, said many big companies and especially those operating critical infrastructure were generally well-prepared for cyber attacks. But many smaller and medium-sized companies did not take the threat seriously enough, he said. "The high number of companies affected clearly shows that we still have work to do on cyber security in Germany," he said in a statement on Friday. The BSI urged companies in Europe's largest economy to make information security a top priority and said all companies need to report serious IT security incidents, even if anonymously. Schoenbohm told Reuters in an interview that hardware and software makers should do their part to shore up cyber security and patch weaknesses in software more quickly once identified. "There's still a lot of work to be done," he said. "We have to be careful that we don't focus solely on industry and computer users, but also look at the producers and quality management." Some 62 percent of companies affected found those behind the attacks were either current or former employees. Forty-one percent blamed competitors, customers, suppliers or service providers for the attacks, Bitkom said. Foreign intelligence agencies were found to be responsible in 3 percent of the cases, it said. Twenty-one percent believed hobby hackers were responsible while 7 percent attributed attacks to organized crime. (Reporting by Michelle Martin, Andrea Shalal and Thorsten Severin; Editing by Larry King and Hugh Lawson)