Cyber attacks on elevators? In our connected world, even the elevator industry is not safe from digital threats, because cybersecurity goes far beyond the IT sector. What risks exist here and how can companies proactively protect themselves?
Markus Kling is VP of Engineering at Digital Spine.
In today's digitally interconnected world, cyber attacks have become an omnipresent threat. The economy, citizens' privacy, and national security are repeatedly targeted by hackers. The increasing dependence on technology and the interconnection of this technology also means that critical infrastructures, including elevator systems, are vulnerable to such attacks.
Cybersecurity is no longer just a topic for IT specialists. As current statistics and reports show, the relevance of this issue is steadily growing - even in areas that at first glance are not directly connected to the digital space.
The economic dimension of cybersecurity in elevator systems
Cybersecurity has gained importance in recent years not only due to the increasing number of cyber attacks, but also due to its significant economic impacts.
According to a survey from 2023, damages of around 205.9 billion euros per year are incurred in Germany due to hacker attacks. This figure is composed of direct financial losses, damage to reputation, operational interruptions, legal disputes and other post-incident costs.
For industries such as the elevator industry, where digitalization is progressing rapidly, potential risks are also increasing rapidly. Elevators today are much more than just mechanical systems; they are intelligent, interconnected systems that interact with other building systems and transmit data in real time. A cyber attack on such a system can not only affect the operation of the elevator itself, but can also endanger other interconnected systems in the building.
The financial consequences can be considerable:
Direct costs: Repair and restoration of systems, payments for ransom demands, replacement of damaged hardware.
Operational interruptions: A non-functioning elevator in a commercial building or a large residential complex can cause significant disruptions and associated costs.
Reputation damage: Loss of trust from tenants or building owners, which can lead to a decline in business activity or property values.
Legal consequences: Penalties or lawsuits that arise due to lack of cybersecurity measures.
It is therefore clear that the economic impact of a cyber attack on elevator systems can be immense. It extends far beyond the immediate repair costs and can have long-term damaging effects on business operations and brand image.
With the advancing digitization and networking of elevators, the risk of cyber attacks increases. The possible consequences - from trapping people to the failure of the entire system - are severe.
To counter these threats, legislators have responded. The "Law on Surveillance-Required Installations" (in short: ÜAnlG) and the "Operational Safety Ordinance" (in short: BetrSichV) form the legal basis for this. In addition, the technical rule TRBS 1115-1 was created, which specifies cyber security for safety-relevant measurement, control and regulation devices.
The TÜV Association has recognized these regulations and determined that they represent the current state of the art. This results in specific operator obligations that go beyond the classic, mechanical safety aspects.
Reactions and Challenges
The introduction of these regulations has elicited different reactions. While most associations recognize the necessity of the new regulations, there is debate over who ultimately bears responsibility for cyber security. The separation of product and operational requirements proves to be complex in this regard. There is consensus that both operators and manufacturers share responsibility.
Above all, operators face the challenge of developing and implementing appropriate security concepts. The question of the scope of protection, the integration of emergency call systems or building controls, and the role of TÜV are just some of many open points.
Best Practices and Approaches to Solutions
Risk Analysis: Start with a comprehensive analysis of all digital systems and interfaces in the elevator. Identify potential vulnerabilities and assess the risks.
Software Updates: Ensure that all software-based components are updated regularly. Outdated software is often vulnerable to attacks.
Access Restrictions: Implement strict access controls. Only authorized individuals should be able to make changes.
Encryption: Utilize modern encryption technologies to protect data transfers.
Regular Training: Sensitize staff to security risks and train them in secure practices.
Emergency Plans: Create detailed plans for the event of a cyber attack, so you can respond quickly and efficiently.
External Expertise: Consult cybersecurity experts to review your systems and provide recommendations.
Documentation: Keep a written record of all measures and protocols. This facilitates communication with regulatory authorities and reduces liability risks.
Future-oriented approaches
In a constantly changing digital landscape, it is imperative to always be one step ahead of cybersecurity threats. The basis of such an approach is a deep understanding of statutory requirements. Regularly keeping up to date with these regulations and adapting to them is not just a matter of compliance, but also protects against potential threats. Regular training and workshops for all relevant staff could be useful for this.
Risk analyses and preventive measures
Risk analyses play a central role in proactive security management. By identifying and assessing potential vulnerabilities, preventive measures can be taken and resources can be used more efficiently. It is important to consider both obvious risks and less apparent hazards.
External expertise and collaboration
External support, such as specialized cybersecurity firms or consultants, can be a valuable resource. These experts often bring a different perspective and can provide support in various phases of cybersecurity.
Another future-oriented approach is the integration of artificial intelligence and machine learning into safety systems. These technologies can help detect anomalies in the system and respond to them in real time.
People and culture
Cybersecurity is not just a technical challenge. It is an organizational issue that requires clear leadership responsibility, a culture of awareness, and continuous education. People - be they employees, customers, or partners - must be at the center of any security strategy.
Overall, it is crucial for companies to act proactively and not wait until a cyber attack has occurred to address cybersecurity. A forward-looking approach requires a combination of technology, education, collaboration, and continuous adaptability.