Companies with more than €1 billion in returns were the most at risk according to the report by international professional services firm Ernst and Young, with one-fifth reporting concrete evidence of cyber attacks.
The report said what was more troubling was that one in five attacks were only detected by accident and companies seem to largely be relying on simple technology for protection.
“The continued carelessness of many companies is surprising,” said Ernst and Young Forensic Technology & Discovery Services leader Bodo Meseke in a statement. “They think that they are sufficiently protected or would not be a target of data theft and cyber-attacks.
“This shows that there are always new revelations that anyone can be a target of such attacks and the common protection mechanisms can be circumvented,” he continued.
Ernst and Young surveyed the CEOs and senior IT executives of 450 German companies.
They found that 80 percent of companies stick to just simple protection strategies, such as putting up firewalls, antivirus software and having good passwords.
About 30 percent of companies use more extensive protections such as intruder detection and prevention systems that can indicate when hacker activity is taking place. This figure is twice as high as in 2013, but the report said it is still too little.
“This is negligence,” said Meseke. “Passwords and antivirus software can be very quickly circumvented by hackers today, within minutes… Firms that have sensitive company or client data on their servers should definitely introduce more stringent security measures.”
The report said that though smaller companies reported fewer attacks than big ones, the actual number of attacks they experience could be much higher because they do not have sufficient technology to detect attacks.
In 74 percent of attacks, hackers went after electronic data processing systems, while in 21 percent of cases IT-systems were attacked. Client and employee data was tapped into in 11 percent of cases while 10 percent of cases were committed by a company’s own employee.
In nearly half (48 percent) of cyber security breaches cases, the hacker remained unknown and 18 percent of attacks were committed by “hacktivist” groups like Anonymous.