One cyber incident report every 8.5 minutes
The number of reported cyber incidents has almost doubled compared to the previous year.
Cyber threats are increasing significantly: on average, the Federal Office for Cybersecurity (FOCBS) received a cyber incident report every 8.5 minutes up to the end of October 2024. With 34,789 reported cyber incidents in the first half of 2024, the BACS recorded almost double the figure for the same period last year. The increase is due in particular to the massive rise in attempted fraud, which at 23,104 reports accounts for two thirds of all reports. There is a particular focus on telephone fraud attempts, which are explained in a separate report.
The Semi-annual report on cyber security 2024/1 shows the current cyber threat situation. The current figures underline the importance of the BACS' tasks. By the end of October 2024, BACS had received a voluntary report of a cyber incident from the public and companies every 8.5 minutes via the reporting form.
Fraud attempts dominate incoming reports
In the first half of 2024, the BACS received 34,789 reports of cyber incidents. This represents an almost doubling compared to the same period last year. The increase in the area of fraud is particularly striking, accounting for two thirds of all reported incidents with 23,104 reports. The phenomenon of bogus calls to the authorities stands out in particular: In 13,730 cases, fraudsters posed as government employees and attempted to persuade their victims to install remote access software. The BACS sheds light on this phenomenon in a separate report, which is published together with the semi-annual report.
Marked increase in phishing messages
The BACS also recorded a significant increase in the area of phishing. With 6,643 reports in the first half of 2024, the number of cases is around 2,800 higher than in the same period last year. The fraudsters mainly rely on fake parcel notifications and alleged refunds in the name of well-known companies such as SBB or various tax authorities. A currently widespread approach involves a snowball-like distribution of phishing emails, so-called "chain phishing", in which phishing messages are immediately sent to the entire address book once the email inbox has been compromised.
Introduction of mandatory reporting of cyber attacks
Around 90 percent of reports to BACS come from private individuals, the remaining 10 percent from companies. These reports are all voluntary. In order to gain a better overview of the cyber threat situation, a reporting obligation for cyber attacks will be introduced for operators of critical infrastructures in the course of 2025.
Source: BACS
