Internet Outage: One-Fifth of Companies Would Have to Stop Operations Immediately

Summary

German companies are dramatically ill-prepared for hybrid threats that combine digital and analog attacks, according to a Bitkom survey. In the event of an internet outage, 21 percent would have to stop work immediately, while 83 percent expect a serious crisis from such attacks. Despite the high risks, 78 percent of companies see themselves as insufficiently prepared – a critical deficit for national security.

People

• Ralf Wintergerst (Bitkom President)

Topics

• Critical Infrastructure
• Cybersecurity and Hybrid Attacks
• Business Resilience
• National Security Policy

Clarus Lead

German companies have dangerously low resilience against hybrid attacks that sabotage power grids or introduce ransomware. A representative study by the industry association shows: One in five companies would have to close immediately during an internet outage, with companies able to sustain operations for only 20 hours on average. The reality of this threat was manifested by the Berlin power outage in January 2025 – with calls for massive strengthening of resilience of critical infrastructure.

Detailed Summary

The Bitkom survey of 604 companies with ten or more employees reveals a catastrophic preparedness deficit: 40 percent say they are not prepared at all, another 38 percent only poorly. Only 12 percent feel well equipped. Particularly alarming is outage tolerance: while 8 percent can sustain operations for longer than 48 hours, 21 percent must close immediately. This imbalance is also reflected in infrastructure perception – 90 percent classify energy supply as critically endangered, followed by banks and insurance companies (89 percent).

The protective measures taken remain fragmented: 58 percent use alternative means of communication, 57 percent perform data backups, but only 10 percent conduct regular crisis exercises. Emergency power supplies exist in only 20 percent of operations. Particularly critical: only 61 percent have declared cybersecurity to be a senior management responsibility. Bitkom President Ralf Wintergerst demands concrete measures, including removing data lines from publicly accessible registries to reduce sabotage risks.

Key Findings

• 21 percent of companies would have to close immediately during internet outage, 78 percent see themselves as insufficiently prepared
• Average outage tolerance: only 20 hours – a critical deficit for networked economy
• 83 percent expect serious crises from hybrid attacks; 59 percent consider themselves likely attack targets
• Energy supply, financial sector, and telecommunications are primary targets; outages would have massive cascading effects
• Incomplete prevention: Only 10 percent conduct crisis exercises, 20 percent have emergency power supplies
• Companies demand state information campaigns (71%), public identification of attackers (62%), and situation reports (50%)

Critical Questions

1. Data Quality: How representative is a sample of 604 companies for the German economy? Are SMEs (< 10 employees) systematically underrepresented even though they share infrastructure dependencies?

2. Self-Assessment Bias: Do companies evaluate their preparedness realistically, or do they underestimate gaps because they cannot fully understand risks?

3. Causality of Berlin Power Outage: Was the January 2025 disruption really "left-wing terrorist motivated" or sabotage with hybrid elements? What evidence demonstrates the form of attack?

4. Gaps in Critical Infrastructure Framework Law: Does the law passed in January cover operational requirements (regular testing, redundancies, emergency power), or does it only address reporting obligations and access protection?

5. Information Asymmetry: Do companies actually know their dependencies on critical infrastructure, or is the technical foundation for risk modeling lacking?

6. Political Capacity to Act: Can a state information campaign (71% desire) increase operational resilience if budgets for infrastructure redundancy are simultaneously lacking?

Sources

Primary Source: Internet Outage: One-Fifth of Companies Would Have to Stop Operations Immediately – heise.de, January 2025 (Author: Axel Kannenberg)

Supplementary Sources:

1. Bitkom Survey: Hybrid Threats and Business Resilience (604 companies with 10+ employees)
2. Bundestag: Critical Infrastructure Framework Law (passed end of January 2025)
3. Berlin Power Grid: Power Outage January 2025 (45,400 households, 2,200 commercial operations)

Verification Status: ✓ January 2025

This text was created with the support of an AI model. Editorial Responsibility: clarus.news | Fact-Checking: January 2025