It’s hard to get reliable numbers. One study I could find is a review published by the World Bank in 2024 that analyzes the long-term development of cyber incidents and their economic costs. Among others, it says:

According to the UK Cabinet Office, in 2011, the UK government estimated that the costs of cybercrime was USD 33.67 billion or about 1.3% of the country’s GDP, with the largest share posed to businesses—about 77.78%. Grant Thornton (2021) shows that in 2014, the total cost of cybercrime in Ireland was USD 695.5 million, and then, in 2020, it increased dramatically to USD 10.5 billion, or 2.5% of the country’s GDP.

Source (pdf)

Note that the 1.3% of UK’s GDP and Ireland’s 2.5% relate to 2011 and 2014, respectively. So we may reasonably assume it’s much higher. Although the numbers in this review are probably not fully comparable with Bitkom’s survey, it provides useful insights, and the 5% don’t seem so far-fetched.

Nokia’s calls for action here are not impartial.

No one in this context is impartial. This is why China - in an impartial move - banned Nokia from its domestic market citing national security reasons. It should go without debate that Europe does the same and banning Chinese companies for the very same reason. Beijing will understand, no?

It must be noted that China has been a ‘closed shop’ for decades, but for then or so years it has been shielding its domestic markets more than ever.

Yes, they have the same business interests as Chinese companies, but Nokia has been reportedly banned in China over security reasons. So China will certainly understand if Chinese companies get banned in Europe amid security concerns.