Cybersecurity fear slows down innovation

The most recent annual report of the Commission of Experts for Research and Innovation (EFI), which was presented to the German Chancellor in Berlin today, focuses on cybersecurity and the effects of cybercrime risks on innovation activities.

“As digitalisation and digital interconnectedness progresses, new risks for innovative companies emerge. Many innovative companies in the German information economy and the manufacturing sector therefore see a great need to protect their IT systems when engaging in innovation activities. In addition, more than half of these innovative companies expect the risk of becoming the target of a cyberattack to increase further in the coming years,” says Uwe Cantner, chair of EFI and professor at the University of Jena.

Corporate innovation activities are directly affected by the threat of cyberattacks, which in turn have indirect negative effects on Germany’s economic growth. “This is particularly true for the contribution to growth from future technologies like artificial intelligence or the Internet of Things. After all, the success of these technologies will essentially depend on how secure they are,” explains Professor Irene Bertschek from ZEW Mannheim and member of EFI. 

Survey on cybersecurity and innovation

On behalf of the expert commission, ZEW researchers investigated whether the perceived risk of cyberattacks has an effect on the innovation activity of companies. For this purpose, the researchers conducted a representative survey among companies in the information economy and the manufacturing sector in the third quarter of 2019, which revealed that 64 per cent of companies do not expect the risk of cybercrime to have any effects on their innovation projects. This means, however, that in around 30 per cent of businesses, ongoing projects are delayed due to the threat posed by cybercrime. Moreover, the threat of cyberattacks has prevented around 17 per cent of companies from launching planned projects, and another 12.5 per cent from even planning new innovation projects.

Many obstacles to increasing cybersecurity

Cybersecurity is an inherent part of innovation, with cybersecurity products and services contributing to the generation of economic growth and wealth in Germany. In 2017, the gross value added of the German IT security sector reached 15.5 billion euros, accounting for 14.3 per cent of total turnover in the IT sector (108.6 billion euros). In the period between 2010 and 2017, the gross value added of the cybersecurity sector grew by an annual nominal rate of 5.6 per cent, outperforming both the IT sector and the overall economy.

Despite this, Germany’s share of patent applications in this sector currently amounts to 6.2 per cent and is therefore well behind that of the US (33.5 per cent), Japan (13.7 per cent) and China (11.6 per cent). “Of the 150 most innovative cybersecurity companies in the world, 112 are from the US, 18 from Israel, and unfortunately, only one is from Germany,” states Professor Bertschek.

“There are many obstacles to increasing cybersecurity – and therefore also to improving the innovation activity among German companies,” explains Christoph Böhringer, a professor at the University of Oldenburg and member of EFI. Individual actors invest far too little in cybersecurity, as they do not take into account the positive effects that their own security has for others. Users of IT products such as hardware and software have only limited insight into the level of security that IT companies provide. Companies, on the other hand, often face difficulties quantifying the risk of a cyberattack and estimating the potential damage of such an attack. A major obstacle for more cybersecurity is currently the skills shortage in this area. “Hiring cybersecurity experts is a major concern for both businesses and the government. However,” warns Professor Bertschek, “many job openings remain vacant for a long period of time due to a lack of qualified personnel.” Small companies are particularly affected by this problem.

On the basis of their analysis, the expert commission of the federal government recommends the following measures:

Addressing the personnel and skills shortage

➔ It is crucial to continue to encourage the development of cybersecurity skills in vocational education and further training, as well as at universities by establishing degree programmes for future cyber experts.

Ensuring the security of digital infrastructures

➔ Components of digital infrastructures should be approved on the basis of criteria that are binding for all countries in the European Single Market. These criteria should encompass technical as well as non-technical aspects and apply to suppliers both from EU and non-EU countries.

➔ The federal government should promote multilateral initiatives like the GAIA-X cloud in order to provide impulses for secure digital infrastructures at national and EU level

Launching the new cyberagency as soon as possible

➔ The “Agency for Innovation in Cybersecurity” created by the federal government should take up its work as soon as possible in 2020.

Overcoming the lack of information on cyberthreats

➔ Proving information and advising services is of key importance, in particular for small and medium-sized enterprises (SMEs). Existing programmes to improve cybersecurity in SMEs should be reviewed in terms of their effectiveness and adapted to the constantly changing security threats.

➔ Initiatives to develop minimum standards and cybersecurity certificates should be supported, in particular on a European level. It is crucial to examine whether there is a need to extend the current reporting obligations for cyberattacks.

Weitere Informationen und Kontakt

WWW.ZEW.DE