Security situation - outlook for 2025

1. cybercrime is becoming increasingly sophisticated

Cybercrime poses the greatest threat to the economy. In 2023, economic crime in Switzerland was committed using a digital modus operandi in 43 % of cases. In the case of money laundering, the proportion was as high as 87 %. Unfortunately, the clearance rate for digital crime was only 23.3 %. The picture also looks bleak in Germany. In a report on the state of IT security in Germany in 2024, the Federal Office for Information Security (BSI) recorded an increase in threats and hazards. Ransomware attacks on companies continued to be widespread in 2024 and also increasingly affected SMEs. Ransomware groups are professionalizing their methods and are able to disable detection systems. They primarily exploit "zero-day vulnerabilities" for which there are no security updates yet, with the aim of exfiltrating data. In Germany, an average of 78 new vulnerabilities were identified every day in 2023: in IT products and in perimeter systems such as firewalls and VPNs (virtual private networks). DDoS (Distributed Denial of Service) attacks increased significantly in quality and frequency in the first half of 2024. Public cloud services were also repeatedly attacked last year. On August 28, the industry association Bitkom reported on the results of a representative survey of over 1,000 companies that foreign intelligence services were named as the perpetrators in 20 % of cases - compared to only 7 % in a corresponding survey in 2023. 45 % of the affected companies named China as the source of the attacks, Russia 39 %. 81 % of all companies were affected by data theft, industrial espionage or sabotage in the past 12 months. 65 % of companies feel that their existence is threatened by cyberattacks - in 2021, this figure was only 9 %. And 37 % admitted that there is a lack of risk awareness in their own company. The BSI also registered an increasing lack of concern in its Cybersecurity Monitor (BSI Magazine 2024/02, p.62 - 65). The Global Security Research Report by Fasty Inc. shows that companies are taking longer and longer to recover from cyberattacks, on average 8.6 months in the DACH region (Markt und Qualität magazine, 28.11.2024).

2. Criminal use of artificial intelligence (AI)

Criminals have long since recognized and learned to use AI. Deep fakes enable fraudsters to fake a false identity. When using AI, it is almost impossible to recognize a fake voice. In June 2024, the magazine Management und Qualität presented new developments in the cybercriminal use of AI, sophisticated techniques through which Large Language Models (LLM) answer queries that should actually be blocked. Attackers use LLMs to generate texts for phishing messages and websites with deceptive intent, to generate or refine executable malicious code. Internal company language models are compromised by criminals and used to exfiltrate or manipulate data (BSI Situation Report 2024, p.41). Training data of an AI model can be manipulated in such a way that the model learns incorrect patterns and classifies data incorrectly. A "prompt injection" attempts to insert malicious instructions into an AI system and generate false outputs (BSI guidelines on the secure use of AI systems, published on 24.1.2024).

3. Increased attacks on critical infrastructures (Kritis)

Due to their outstanding importance for the economy, the state and the basic supply of the population, Kritis require high protection measures, as required of operators by the NIS2 Directive (EU 2022/2555) and the CER Directive (EU 2022/2557). This is because they are exposed to dangerous threats. The Swiss Society for Administrative Sciences (SGVW) sees cyber attacks on Kritis in particular as a growing threat to public safety. In addition to direct attacks on critical infrastructure, cyber criminals have also recognized the complexity of supply and process chains as attractive targets. Critical energy supply infrastructures are particularly vulnerable. At the beginning of the Russian attack on Ukraine, an apparently targeted Russian hacker attack on the KI-SAT satellite network caused the operators of thousands of wind turbines in Germany to lose connection to their systems. The sabotage attack on the Nordstream 1 and 2 gas pipelines on September 26, 2022 highlighted the vulnerability of gas supplies to European countries. Cable systems on land and under water are also particularly difficult to protect. Sabotage attacks on them are on the rise. On May 26, 2024, a left-wing extremist group set fire to cables supplying electricity to the construction site of the Tesla plant in Grünheide in Brandenburg. In recent years, Deutsche Bahn data lines have been cut several times with political motivation. This has led to many train failures. In October 2022 alone, three attacks on submarine internet cables became known. In November 2024, the interruption of two data cables in the Baltic Sea was reported. Almost all global internet traffic runs via submarine data cables. Europe is connected to the rest of the world via around 250 land and sea-based cables. At the end of December 2024, an undersea cable for the power connection between Finland and Estonia was destroyed, apparently by a tanker from the Russian "shadow fleet". Power pylons are also an attractive target. In 2024 - as in 2023 - there were repeated high-profile security incidents in the airport area, which led to costly flight cancellations and delays. Climate activists of the "last generation" cut through the perimeter fence of airports several times in order to stick themselves to the tarmac: in July 2023 in Düsseldorf, in July 2024 in Frankfurt, in August in Cologne/Bonn and in Nuremberg. The increasing number of drones also poses a growing threat to the critical infrastructure of air traffic. In the first half of 2024 alone, 75 disruptions were reported at German airports.

4. money laundering is booming

Money laundering threatens public security and burdens the economy, especially the trust of citizens and companies in the rule of law. It covers the tracks of committed crimes against property, secures the loot for the perpetrator and strengthens organized and clan crime. This is why banks, other financial intermediaries and other relevant professional groups are legally obliged to report suspicious transfer transactions. The United Nations Office on Drugs and Crime estimates the amount of money laundered worldwide to be between 800 billion and two trillion dollars. The number of suspected cases reported in Switzerland rose by almost 600 % to over 7,700 between 2010 and 2020. The German PKS registered a total of 32,500 suspected cases in 2023, an increase of 44 % compared to 2022. It is to be feared that the rising trend of this dangerous crime will continue. According to a report in the FAZ on 30 April, the German Financial Intelligence Unit (FIU) had 80,000 suspicious activity reports at the end of March 2024, unfortunately with a false alarm rate of over 95 % for many institutions. AI is therefore used to try to classify transactions as correctly as possible. Heavy fines or sanctions are imposed for breaches of the reporting obligations. In June 2024, for example, FINMA prohibited the Swiss subsidiary of British HSBC from opening new business relationships with politically exposed persons because a transitory account held with it had been used by exposed persons from Lebanon for transactions of over 300 million dollars to Switzerland and back to Lebanon. And the online bank N26 had to pay a fine of 9.2 million euros in 2024 for reporting suspicious cases too late. There have also been recent major successes in investigations. In October 2024, the Munich I Regional Court handed down long prison sentences to an international group of money launderers who had transferred €33 million from Russia to South America and the US with the help of bogus invoices. And in the UK in December 2024, 84 people were arrested in a network that had operated in Moscow, London and Dubai with links to more than 30 countries. At the center of the network, two Russian companies (Smart and TGR Corporate Concierge) were exchanging cash for cryptocurrency. The EU will further strengthen the fight against money laundering with its Anti-Money Laundering Authority.

5. theft in the commercial sector: rising trend

The number of registered burglaries rose sharply in 2023: in Switzerland to almost 28,800 (+ 13% compared to 2022), in Germany to almost 800,000 (+ 9 %). Theft from business, office and storage premises recorded by the police - the most important statistical indicator of theft crime in companies - increased by 7.8 % to over 77,000 cases in Germany in 2023, unfortunately with a minimal clearance rate of 7.9 %. The number of thefts in and from restaurants and hotels almost doubled in the two-year period from 20231 to 2023, to 28,575 cases. And almost 24,000 cases of theft from construction sites were identified in 2023. According to the Crime Report 2024 by Bauwatch, the annual loss to the construction industry amounts to 80 million euros. Copper cables are the most sought-after prey. According to the survey of 500 construction site managers, 21 % were committed by insiders and 30 % by organized criminals. Freight and cargo thefts cause billions in damage every year and have a significant impact on logistics. The German Federal Office for Goods Transport (BAG) puts the annual insured loss at 300 million euros. The media company WUKA, on the other hand, calculated 26,000 cargo thefts in Germany alone in 2020 with a loss amount of 1.5 billion euros (publication of 4.10.2022). Cargo thefts mostly occur in unclassified, unprotected parking lots (for more information on the modus operandi and effective prevention: Reinhard Rupprecht in save 5/2024, p.23-25). Shoplifting has increased in Switzerland in recent years, by 15 % in 2023 compared to the previous year and by 48 % compared to 2020. According to a report in SRF of 23.12.2024, around a quarter of the perpetrators are Romanian nationals and another quarter are asylum seekers from Maghreb countries. In Germany, too, registered shoplifting has already risen sharply in 2023 (by 23.6 % to 426,000 cases). In its 2023 annual report, the EHI identified an increase in inventory discrepancies of almost €5 % to €4.8 billion. They were highest in food retail (€1.9 billion), followed by clothing retail (€480 million), DIY stores (€350 million) and drugstores (€345 million). According to EHI estimates, around 24 million shoplifting incidents go undetected in Germany. That would be almost 100,000 shopliftings every sales day with an average stolen goods value of €117. The EHI assumes that theft at self-service checkouts is 20 to 30 % higher. According to EHI, the biggest cause for concern is the increase in professional gangs of thieves. Although they only account for 6 % of cases, they are responsible for 30 % of the total loss. 1.55 billion euros was spent by the German retail sector on theft prevention in 2023.

6 ATM blasts: Declines to be expected

In Switzerland, the number of ATM explosions using gas or solid explosives, including attempts, peaked at 30 in 2022. In Germany, the number of ATM blasts fell by 7 % to 461 in 2023. The reasons for the decline are prevention efforts and successful investigations. The decline is therefore likely to continue in 2024 and 2025. In the first two months of 2024, for example, the number had already fallen from 36 to 7 in North Rhine-Westphalia, the state most affected by the large number of offender gangs with a Moroccan migration background coming from the Netherlands. The savings banks in this federal state have now equipped 75 % of their ATMs with ink cartridges. More and more banks have installed alarm systems and surveillance cameras as well as night-time locking with roller grilles. The implementation of the prevention measures deemed effective by a "round table on ATM explosions" at the German Federal Ministry of the Interior in 2022 should be completed by the end of 2025. And it is having an effect: in several federal states, the number of 2024 has fallen considerably, as a survey by DPA of the state criminal investigation offices revealed. For example, the police in Hesse, Lower Saxony, Saxony, Saxony-Anhalt and Rhineland-Palatinate reported fewer cases. In NRW, the number of attacks had fallen from 149 to 40 by mid-December 2024 compared to the same period in the previous year.

7. white-collar crime with particularly high loss potential

An analysis of white-collar crime in the Swiss PCS 2013 to 2022 reveals a significant increase in this decade (Claudia V. Brunner and Susanne Grau, Lucerne University of Applied Sciences and Arts, and Tanja Garcia, in a publication by HSLU dated 27.5.2024): a doubling of cases of fraud, embezzlement and breach of trust to around 26,000. The authors essentially attribute this increase to a shift from the dark field to the bright field, as they justify it with an increased willingness to report crimes, increased awareness of governance and compliance and improved access to data. Based on 78 convictions in 2022 with a minimum offense amount of CHF 50,000, the authors estimate the damage caused by white-collar crime at CHF 581 million, i.e. an average of almost CHF 7.5 million per case. In Germany, the number of cases recorded in the PKS in 2023 fell by 47 % compared to the previous year to almost 39,000. However, as these are mostly "control crimes", it can be assumed that there is a considerable number of unrecognized crimes. The monetary damage recorded has risen from 2 billion to 2.68 billion euros, particularly in the 7,180 insolvency offenses identified (by over 50 % to approx. 1.3 billion euros). In addition, there is considerable immaterial damage due to distortions of competition, loss of trust and reputational damage. The loss balance will not be any better in 2025 - also due to the ongoing recession. Although the number of cases of fraudulent white-collar crime recorded in the PKS 2023 has fallen considerably (from around 54,000 to 18,000), computer fraud has increased fivefold in the last 10 years. Amazon alone reports having stopped around 70,000 fraud attempts by closing seller accounts in 2023. Call center crime is on the rise. The Bavarian Central Cybercrime Unit has been investigating a criminal group based in Bulgaria for years, which has defrauded gullible investors of their savings with promises of high returns and has so far caused an estimated loss of more than 100 million euros. With the support of EUROPOL, the LKA Baden-Württemberg has succeeded in breaking up a ring of call center operators. In a "parallel" call center set up at the LKA, the police were able to document 1.3 million criminal telephone fraud attempts. As DIE ZEIT reported on May 8, 2024, a gang of fraudsters had set up at least 76,000 "fake stores" with order pages on the Internet worldwide. Fake websites could be traced to servers in China. The NRW consumer advice center can use a "fake store finder" to identify potential fake stores using language analysis and artificial intelligence and warn those seeking help. A study by the Institute for Applied Economic Research at the University of Linz estimates that the shadow economy will account for 11.3 % of GDP in 2024, i.e. 480 billion euros. This figure has been trending upwards since 2021. Undeclared work alone accounts for two thirds. Corruption is very difficult to identify due to the interaction between "givers" and "takers". According to the 2023 Federal Situation Report published by the Federal Criminal Police Office on 10.9.2024, the high proportion of "takers who are not ready to act" is all the more remarkable, probably due to the establishment and expansion of compliance structures in companies. A total of 3,841 cases were identified in 2023. The number fell by 70 % in business transactions, but rose by 370 % in the healthcare sector. Bribery in connection with orders for protective equipment to ward off coronavirus infections is likely to have a lingering effect.

8. more product piracy

The high-quality products and services of the Swiss economy are particularly vulnerable to the global risks of counterfeiting and brand piracy. According to the OECD study "Counterfeiting, Piracy and the Swiss Economy" commissioned by the Swiss Federal Institute of Intellectual Property (IPI), global trade in counterfeit and pirated goods that infringe Swiss IP law reduced the legitimate turnover of Swiss rights holders by at least CHF 4.47 billion. This corresponded to 1.5 % of the export of Swiss original products. In addition, the trade in counterfeits caused a loss of more than 10,000 jobs (1.7 % of all jobs in the manufacturing industry). The trade in counterfeit "Swiss" watches accounted for 48 % of the total value of counterfeit Swiss products. In the years from 2012 to 2022, the number of counterfeiting offenses identified in Switzerland rose from around 4,300 to over 6,000. Food counterfeiting in particular has increased in scope and complexity, primarily due to the globalization of supply chains. On January 16, 2020, the EU Intellectual Property Agency (EUIPO) published a study according to which, based on data collected between 2018 and 2020, European manufacturers of clothing, cosmetics and toys will lose around 26 billion euros and 200,000 jobs annually due to product piracy. Online retail also encourages counterfeiting. According to its latest brand protection report, Amazon alone has identified more than 7 million counterfeit products on its online marketplaces.

9. Geopolitical tensions increase the risk of espionage

The current geopolitical tensions, particularly Russia's war of aggression and China's aggressive policy, are increasingly leading to hybrid attacks on the economy and political institutions of Western countries. In its situation report, the BSI points to a range of disinformation campaigns, "hacktivism", espionage and sabotage attacks (p. 22), and German Defense Minister Pistorius warns of a hybrid threat from Putin (Tagesschau on 22 December). The heads of the German intelligence services (BND, BfV and MAD) unanimously stated in the Parliamentary Control Committee that Russian intelligence services are spying and sabotaging more than ever before. Russia is also increasingly using people from the criminal milieu for espionage (DAS PARLAMENT on 19.10.2024). China is particularly active in economic and scientific espionage. The "New Intelligence Law" passed in 2017 obliges Chinese nationals and Chinese companies at home and abroad to cooperate with the Chinese intelligence services. Much of the information from the technology and science sector is not collected by Chinese agents, but by so-called "non-traditional collectors" (Daniela Kirchmeir, Hisolutions AG, in Protector on March 28, 2024). ETH Zurich, where almost 1,400 Chinese students and doctoral candidates were enrolled in 2023, subjects applicants from autocratic countries such as China to a multi-stage security check if they wish to study for a Master's degree or apply for a doctoral position. North Korea is also infiltrating the economy. Thousands of North Korean IT workers have infiltrated American companies and, according to findings by the cyber security company Mandiant, they are also increasingly active in Europe. They conceal their location in North Korea with the help of a virtual private network and have close links to the North Korean secret service.

​​