Cyberattacks on Germany caused 202 billion euros in damage. The BSI Situation Report and Bitkom study 2025 identify ransomware and DDoS as top threats.
Record damage from cyberattacks on Germany
Cyberattacks on Germany inflicted record losses of 202.4 billion euros on the economy over the past twelve months. The Bitkom Wirtschaftsschutz 2025 study puts total damage from data theft, industrial espionage and sabotage at 289.2 billion euros, with around 70 percent attributable to cybercrime. The previous year’s figure stood at 178.6 billion euros, marking a 13 percent increase. Of the 1,002 companies surveyed, 87 percent reported being affected by data theft, espionage or sabotage in the past twelve months, while another 10 percent suspect they were targeted. Bitkom President Ralf Wintergerst stated at the presentation that Germany ranks among the top targets of cybercriminals worldwide. The figures position cyberattacks on Germany not merely as an IT issue, but as a first-order economic risk.
BSI Situation Report 2025 confirms tense security landscape
The Federal Office for Information Security published its Report on the State of IT Security in Germany 2025 on 11 November 2025. During the reporting period from July 2024 to June 2025, the agency registered an average of 119 new vulnerabilities per day, an increase of 24 percent compared to the previous year. BSI President Claudia Plattner described the overall situation as still tense. Federal Interior Minister Alexander Dobrindt emphasized that digital security is a core question of state sovereignty. The report identifies inadequately protected attack surfaces as the central weakness, particularly in web applications and perimeter systems within authorities, SMEs and political organizations.
Ransomware remains the dominant threat for companies
The Federal Criminal Police Office documents 950 reported ransomware attacks during the reporting period. Around 80 percent of the registered incidents targeted small and medium-sized enterprises. According to the BSI, the attacks resulted in data exfiltration or threats of publication of sensitive information in most cases. The Bitkom Wirtschaftsschutz study shows that 34 percent of surveyed companies were affected by ransomware, almost three times as many as in 2022 with 12 percent. 15 percent of those affected paid a ransom. Among the payers, 34 percent of cases involved demands between 100,000 and 500,000 euros, and 12 percent between 500,000 euros and one million. Ransomware-as-a-Service continues to lower the entry barriers for attackers, according to the BSI assessment.
DDoS campaigns accompany political events
Cyberattacks on Germany using DDoS techniques peaked sharply in February 2025, according to the BSI. The number of known attacks was 52 percent above the long-term average. The Federal Election and the Munich Security Conference took place during the same period. Pro-Russian hacktivist groups repeatedly targeted state portals and political institutions. Average bandwidth of the attacks declined year-on-year. Exploitation incidents rose by 38 percent during the reporting period, while blocked accesses to malicious websites increased by 23 percent. The Badbox IoT botnet also remains a significant threat to networked devices in households and businesses, the BSI states.
State-sponsored actors pressure critical infrastructure
The BSI Situation Report lists 28 APT groups relevant to Germany, corresponding to around 25 percent of state-sponsored attacker groups observed worldwide. Germany ranks fourth among target countries, behind the United States, India and Japan. According to Bitkom, 46 percent of identified cyberattacks can be traced to China and Russia. Energy providers, cloud operators, the automotive industry, research institutions and technology-focused companies are particularly affected. The Federal Office for the Protection of the Constitution assesses hybrid warfare by foreign states as a daily reality in German cyberspace. Russian actors primarily aim at disruption and disinformation, while Chinese groups focus on industrial espionage and technology transfer, according to the BSI.
Recommendations against cyberattacks on Germany
BSI and Bitkom call for consistent attack surface management as a central lever. The agency recommends structured vulnerability management, security by design, established emergency plans and targeted preventive measures against ransomware. For SMEs, the BSI points to the CyberRisikoCheck according to DIN SPEC 27076 and state funding programs. Bitkom advises spending at least 20 percent of the IT budget on security. The current average stands at 18 percent. 39 percent of companies still have no emergency management in place for serious incidents. Regular employee training, network segmentation and supply chain security are considered minimum standards. Given the ongoing escalation, these measures will gain further importance in 2026, as cyberattacks on Germany remain at record levels.
