Attacks on prominent corporations make big headlines. According to a study, however, hackers and their ilk are increasingly targeting small and medium-sized enterprises (SMEs). Due to limited resources, these businesses are particularly vulnerable to cybercrime.

Most Germans are afraid of cyberattacks. This is evident from a study presented by the industry association Bitkom at the Munich Cyber Security Conference (MCSC) in mid-February 2025. According to the study, 7 out of 10 respondents consider the threat of cybercrime in Germany to be high.

61 percent even fear a cyberwar, and 64 percent believe the Federal Republic is poorly prepared. The primary concern is directed against foreign intelligence agencies and organized crime, with most respondents seeing the country, rather than themselves, as being in danger.

SMEs often “easy prey” for cybercrime

Those who are increasingly feeling the rise in cybercrime are primarily businesses, and among them, small and medium-sized enterprises (SMEs) that form the backbone of the German economy. These companies are less in the spotlight but often lack the financial and personnel resources to protect themselves against cybercrime, as Security Insider reports. Their often incomplete security measures make them “easy prey.” Yet, SMEs also possess many sensitive customer and business data that can be valuable to cybercriminals. Through extensive supply chains, they can also easily become the entry point for attacks on larger companies.

Increased Zero-Day and APT Attacks

According to the 2024 BSI situation report, malware attacks have seen a significant increase, particularly in 64-bit Windows environments by 256 percent, and on Android devices by 48 percent. The Federal Office for Information Security (BSI) is also noting a growing professionalization of cybercrime, with 22 different APT groups active in Germany last year to spread Advanced Persistent Threats. Additionally, ransomware groups are increasingly exploiting zero-trust vulnerabilities that are often unknown even to manufacturers, making them particularly difficult to detect.

Even simple steps can provide protection

As concrete measures for enhanced cybersecurity, the BSI (Federal Office for Information Security) recommends that small and medium-sized enterprises (SMEs) implement basic safeguards.

These include introducing password policies, installing a robust firewall, deploying antivirus software on all endpoints, implementing data encryption for sensitive information, and establishing a rights and roles concept for data and system access. Equally important is training employees and raising their security awareness. The latter can be achieved, for example, through phishing tests that demonstrate how easily email users can be deceived.

Another measure that is often lacking or only half-heartedly pursued in smaller companies involves regular backups and system updates.

Source of title image: Adobe Stock / Amgun

Read more

• Industrial connectivity increasingly threatened by IoT ransomware
• Greenpeace study sees energy transition threatened by AI
• Augmented reality growing in popularity among young Germans

More on this topic: Further articles on SecurityToday

Frequently Asked Questions

These include introducing password policies, installing a robust firewall, d