What is individual cyber crime and corporate cyber crime

15.12.2020 13:22

Cyber ​​crime and hacker attacks: what is our data worth to us?

Lars Kruse University communication department
Bielefeld University of Applied Sciences

Prof. Dr. Achim Schmidtmann from the Bielefeld University of Applied Sciences researches the costs of IT security: In addition to technical weak points, people are the biggest security gap for companies. There are no uniform regulations by the legislator for the smart home area.

Bielefeld (fhb.) From spam emails in the inbox to security gaps in private surveillance cameras and hacker attacks on companies: insufficient protection of our digital data can have serious consequences. But protecting them comes at a cost for both businesses and individuals. And: These costs can often not be precisely quantified. Together with students from the Bielefeld University of Applied Sciences, Prof. Dr. Achim Schmidtmann researches which aspects are important in a cost-benefit calculation. The results are summarized in the recently published anthology "Costs of IT Security".

"According to a survey by the digital association Bitkom e. V. attacks on German companies cause total damage of almost 103 billion euros each year. In return, German companies only spent around 4.6 billion euros on hardware, software and services in the field of IT security in 2019, ”explains Schmidtmann, who teaches business informatics at the Bielefeld University of Applied Sciences. “The discrepancy shows that the level of risk awareness among managers and decision-makers is still too low. Only when companies are affected by specific incidents does IT security suddenly change from an abstract to a specific topic. "

But what exactly does it cost a company to protect itself from outside attacks? "In short: there is no magic formula," explains Schmidtmann. Due to the complexity of information and IT security and the very individual characteristics of a company, a cost-benefit calculation is difficult. The costs can easily be calculated for measures on the hardware or network side (such as daily data backup). “In addition to the technical and organizational deficiencies, the biggest weak point is the person in front of the screen who clicks on links or opens attachments,” says Schmidtmann. The only way to prevent this is through educational work and regular training.

Measures that are comparatively cost-intensive - but important: "As before, many companies do not feel seriously threatened by the risk of falling victim to a cyber attack," explains Schmidtmann. Figures from the Bitkom e. V. show, however, that every second company was affected by attacks in 2017. The cyber security survey conducted by the Alliance for Cyber ​​Security (ACS) came to the result that 76% of those surveyed saw cyber attacks have the potential to impair operational processes. The Office for the Protection of the Constitution also counted an attack on a company in Germany every three minutes in 2018, and the police crime statistics in 2018 showed a total of 87,106 cases of cybercrime in the narrower sense.

“All of these security incidents sometimes have existential consequences, ranging from the loss of data and devices to damage to the company's image and the threat of production and operational downtime. Investments in IT security are therefore money well spent in many respects and are urgently needed, as there are still a large number of weak points in most companies. In addition, IT systems are constantly evolving. Continuous work in this area is therefore essential, ”concludes Schmidtmann.

But also in the private sector the question of how much our security has to cost is gaining in importance due to smart home systems. Although some devices such as electronic door locks or cameras are intended to increase security in your own four walls, these can also become a security problem. The reason for this is the often inadequate IT security of the devices, which means that unauthorized persons take control of the devices, access data, completely bypass security mechanisms such as electronic door locks, use surveillance systems to break into the privacy of the actual owner or simply incur costs.

The necessary legal regulations are still lacking in many areas. For example, it has not been clarified who is liable if a smart refrigerator places an incorrect order or whether the refrigerator is legally able to place an order without human intervention. Schmidtmann: “The market is developing very quickly, there are hardly any standards. Here, the legislator is asked to clearly define uniform guidelines and requirements. "

In addition to these topics, the anthology by Prof. Dr. Achim Schmidtmann further articles on data protection as a cost factor or an approach to cost calculation for the information security of Internet of Things devices. The idea for the book came about as part of a seminar in the master’s degree in business informatics. “A scientifically sound discussion of the topic has so far only taken place to a limited extent. And it is precisely for this reason that we have decided to publish the results of the seminar in book form in order to reach a broader audience and to stimulate and support the discussion on this topic, ”explains Schmidtmann.

Original publication:

"Costs of IT security: a starting point for further investigations" by Maximilian Grigat, Stefanie Jurecz, Sascha Kirschner, Robin Seidel, Tobias Stepanek, Achim Schmidtmann (eds.), ISBN-13: 9783752608748, e-book, ISBN-13: 9783752616286

Features of this press release:
Information technology, business
Research results, scientific publications