Cyber attacks are a growing threat to companies - including SMEs. But what happens if the entire IT system suddenly fails?
HYMER Leichtmetallbau was the victim of a cyberattack in 2024 that paralyzed internal systems. While ERP and emails were no longer accessible, the purchasing department was able to continue working thanks to Tacto's cloud-based SRM software and thus maintain production.
Cyber attacks are no longer a rarity and are increasingly hitting medium-sized companies with full force. The consequences are often serious: IT failures, data loss and production downtime can cause massive financial damage within a matter of hours.
HYMER Leichtmetallbau, a leading manufacturer in the field of access and vehicle technology, experienced this in 2024 when a cyber attack paralyzed the entire IT system. However, the purchasing department remained operational with the cloud-based SRM software from Tacto.
In the webinar, Alexander Frei (Head of Purchasing at HYMER) and Robin Krebs (Cyber Security Expert at Zscaler) explained how the attack took place, why cloud technology significantly improves the resilience of purchasing and how companies can prepare for such crises.
The threat of cyber attacks has increased dramatically in recent years. Reports of hacked companies, stolen data or paralyzed IT systems can be found in the news almost daily. While cybercrime was once often seen as an isolated risk for banks or large technology companies, companies of all sizes and from all sectors are now affected.
There are many reasons for this: digitalization is advancing rapidly, IT systems are becoming increasingly complex and dependence on digital processes is growing. At the same time, cyber criminals are developing ever more sophisticated methods of attack - often with the help of automated tools, artificial intelligence and targeted social engineering.
"Cyberattacks are not a question of if, but when. If you don't have a well thought-out emergency strategy, you risk serious business disruption." - Robin Krebs, cyber security expert at Zscaler
According to Zscaler, there are certain attack methods that occur again and again and hit companies hard:
1. Phishing attacks: Fake emails or websites pretend to be from legitimate senders and trick employees into revealing passwords or confidential information. A single click is often enough to give attackers access to the entire company network.
2. Zero-day vulnerabilities: Cyber criminals exploit security vulnerabilities before official updates or patches are released. This is particularly dangerous for companies that do not regularly update their IT systems.
3. Ransomware attacks: Data is encrypted and only released against payment of a ransom. These attacks can paralyze entire companies - and even after payment, there is no guarantee that all data will be restored.
4. Insider threats: Not all cyberattacks come from outside. Malicious or negligent employees can deliberately manipulate or pass on data, or open up access for attackers.
5. AI-supported social engineering: Attackers are increasingly relying on artificial intelligence (AI) to create deceptively realistic deepfake calls or personalized scam emails that are almost indistinguishable from real messages.
6. Insecure connections to third-party providers: Companies are often connected to other IT systems via supplier interfaces and external service providers. Inadequately secured access points are a popular gateway for attackers.
The financial consequences of a cyberattack go far beyond the actual ransom. According to Zscaler, the average cost of a cyberattack is up to USD 5 million. In addition to direct costs for IT recovery and ransom payments, there are also indirect losses due to production downtime, reputational damage and legal penalties.
Direct costs
Production downtime & operational restrictions
Regulatory penalties & compliance violations
Loss of reputation & damage to trust
Cyber attacks are therefore not just a technical problem, but an economic risk that can cause massive damage to companies.
In April 2024, HYMER was the target of a cyberattack in which all IT systems were encrypted by ransomware. The entire company was affected within a few hours:
IT emergency management was activated immediately. While IT specialists and forensic experts worked on restoring the systems, the purchasing department found a solution to continue placing orders and keep supply chains running.
During this critical phase, Tacto's cloud-based SRM software proved to be a decisive factor in the purchasing department's ability to act. While all internal IT systems were down, Tacto remained fully functional.
"Without cloud-based access to our purchasing data, we would have been unable to act. Tacto enabled us to continue working despite the attack." - Alexander Frei, Purchasing Manager at HYMER
This enabled the purchasing team:
After successfully overcoming the crisis, HYMER has implemented several IT security measures to minimize future cyber risks:
In addition to these measures, Zscaler also recommends network segmentation to separate sensitive areas of the IT infrastructure, as well as carrying out regular security audits and emergency tests, because an IT security concept is only as good as its implementation.
The cyberattack on HYMER shows that traditional on-premises systems alone are not enough to maintain business processes in an emergency. Cloud-based solutions such as Tacto offer companies an independent infrastructure that keeps working in the event of IT failures or cyberattacks.
With access to purchasing data, supplier contacts and order histories, HYMER was able to react quickly and avoid bottlenecks. This case underlines why a robust, digital purchasing strategy is essential not only for efficiency, but also for crisis resilience.
The threat of cybercrime will continue to increase in the coming years. Companies should invest in security measures at an early stage and digitally secure their purchasing processes. Cloud-based systems such as Tacto offer a resilient alternative to traditional IT infrastructures and help companies remain capable of acting even in times of crisis.