Fear of Cybercrime Slows Down Innovation

Research

ZEW Survey on Cybersecurity as Part of the EFI Report

The Commission of Experts for Research and Innovation (EFI), of which Professor Irene Bertschek is a member, presenting its 13th annual report to the German Chancellor.

The threat posed by cyberattacks rises · Fear of cybercrime slows down innovation activity among businesses · Insufficient qualified personnel to satisfy the high demand for cybersecurity experts · Germany is lagging far behind its international competitors in terms of innovation and cybersecurity.

The most recent annual report of the Commission of Experts for Research and Innovation (EFI), which was presented to the German Chancellor in Berlin today, focuses on cybersecurity and the effects of cybercrime risks on innovation activities.

“As digitalisation and digital interconnectedness progresses, new risks for innovative companies emerge. Many innovative companies in the German information economy and the manufacturing sector therefore see a great need to protect their IT systems when engaging in innovation activities. In addition, more than half of these innovative companies expect the risk of becoming the target of a cyberattack to increase further in the coming years,” says Uwe Cantner, chair of EFI and professor at the University of Jena.

Corporate innovation activities are directly affected by the threat of cyberattacks, which in turn have indirect negative effects on Germany’s economic growth. “This is particularly true for the contribution to growth from future technologies like artificial intelligence or the Internet of Things. After all, the success of these technologies will essentially depend on how secure they are,” explains Professor Irene Bertschek from ZEW Mannheim and member of EFI. 

General documents

ZEW Short Expertise on Cyber Security and Innovations (in German only)

Survey on cybersecurity and innovation

On behalf of the expert commission, ZEW researchers investigated whether the perceived risk of cyberattacks has an effect on the innovation activity of companies. For this purpose, the researchers conducted a representative survey among companies in the information economy and the manufacturing sector in the third quarter of 2019, which revealed that 64 per cent of companies do not expect the risk of cybercrime to have any effects on their innovation projects. This means, however, that in around 30 per cent of businesses, ongoing projects are delayed due to the threat posed by cybercrime. Moreover, the threat of cyberattacks has prevented around 17 per cent of companies from launching planned projects, and another 12.5 per cent from even planning new innovation projects.

Many obstacles to increasing cybersecurity

Cybersecurity is an inherent part of innovation, with cybersecurity products and services contributing to the generation of economic growth and wealth in Germany. In 2017, the gross value added of the German IT security sector reached 15.5 billion euros, accounting for 14.3 per cent of total turnover in the IT sector (108.6 billion euros). In the period between 2010 and 2017, the gross value added of the cybersecurity sector grew by an annual nominal rate of 5.6 per cent, outperforming both the IT sector and the overall economy.

Despite this, Germany’s share of patent applications in this sector currently amounts to 6.2 per cent and is therefore well behind that of the US (33.5 per cent), Japan (13.7 per cent) and China (11.6 per cent). “Of the 150 most innovative cybersecurity companies in the world, 112 are from the US, 18 from Israel, and unfortunately, only one is from Germany,” states Professor Bertschek.

“There are many obstacles to increasing cybersecurity – and therefore also to improving the innovation activity among German companies,” explains Christoph Böhringer, a professor at the University of Oldenburg and member of EFI. Individual actors invest far too little in cybersecurity, as they do not take into account the positive effects that their own security has for others. Users of IT products such as hardware and software have only limited insight into the level of security that IT companies provide. Companies, on the other hand, often face difficulties quantifying the risk of a cyberattack and estimating the potential damage of such an attack. A major obstacle for more cybersecurity is currently the skills shortage in this area. “Hiring cybersecurity experts is a major concern for both businesses and the government. However,” warns Professor Bertschek, “many job openings remain vacant for a long period of time due to a lack of qualified personnel.” Small companies are particularly affected by this problem.

On the basis of their analysis, the expert commission of the federal government recommends the following measures:

Measures