The results of the report are alarming, as the risk of companies falling victim to criminals in the IT sector has never been greater. Companies of all sizes are affected, and the number of attacks has increased further in the wake of the attack on Ukraine. Cyberattacks are caused by criminals on the one hand, but increasingly also by state institutions.

The attackers are usually highly specialized and well equipped. As a result, defending against attacks is becoming increasingly challenging and is almost impossible for many companies. This is because the number of vulnerabilities is also increasing. The report states: "The number of known vulnerabilities has recently increased. Cyber criminals can use the gaps in software and hardware products to cause extensive damage or access valuable information."

Everyone involved is therefore required to improve IT security: Starting with the software manufacturers, who must ensure that security mechanisms are taken into account as well as - where necessary - providing regular updates and security patches. This applies to security software in particular, but also to user programs, control or monitoring and remote maintenance software. Hardware manufacturers also have a duty to design their products to be as secure as possible. This is often difficult because, according to the BSI: "Attacks start with [...] the micro-architecture of a processor or the 'production' and 'supply chain' steps of an IT product. The effort and costs involved in exploiting hardware vulnerabilities are initially higher than for software vulnerabilities. However, the potential benefit from an attacker's point of view is also higher, as hardware vulnerabilities often cannot be fixed by simple software patches."

As attacks can never be completely ruled out from the outset, a large part of the responsibility lies with the company's IT or IT service provider and, last but not least, with the operator of machines, systems and IT equipment. This starts with very simple rules such as secure passwords or the proper handling of USB devices and extends to the complete scanning of data traffic in order to identify and ward off vulnerabilities and attacks as early as possible.

We dedicate the November issue of INDUSTRIAL Production to cybersecurity, which is so important for industry, with the following topics, among others: How to establish efficient security structures, IT security service providers, risk assessment within a company and more security through the European Cyber Resilience Act. I hope you enjoy reading this issue.