Cyber Security Report 2025
PREFACE
THREATS UNLEASHED
Today, no one and nothing is truly safe – politically, economically or digitally. We are living in an age of geopolitical rivalries and economic instability, and the digital space is not spared. Submarine cables and satellites are caught in the crosshairs, IT solutions are pawns in nation state power plays. Attacks on digital supply chains pose a threat to the physical world, triggering unscheduled production stoppages and delivery chaos. Cyberattacks and misinformation are part of modern conflicts. They endanger critical infrastructure, democracies and economic stability. The number of attacks continues to rise and ransomware remains the most successful way for cybercriminals to generate revenue. Due to a large number of monthly data breaches, our digital and real identities are at risk of being utilized for cyberattacks or identity fraud. Attackers are well organized, highly professional and sometimes state sponsored. Their objectives are to destroy, steal, blackmail and control. Every vulnerability, lost identity or misconfiguration opens up new ways for successful cyberattacks. Regulatory requirements and the ever-increasing complexity of digital ecosystems are ramping up the pressure on decision-makers and cybersecurity experts to take action. Cyber defense is a continuous process. The outcomes of our representative survey of 1,000 German companies are alarming – only every second smaller company regularly audits the cybersecurity of its suppliers. Even mid-sized companies only seldom carry out comprehensive technical security checks of their IT systems. Especially the retail and consumer goods companies are lagging behind, both when it comes to the cybersecurity resources at their disposal and the measures they take.
In 2024, around 5.8 billion euros were invested in cybersecurity solutions in Germany. At the same time, cybercriminals inflicted damage totaling almost 179 billion euros. The time has come to rethink our strategy and prioritize proactive defense. Cybersecurity impacts us all and it is not just about technology. Rather, it is about taking responsibility – toward this and future generations. Prevention and education play crucial roles in protecting even the most vulnerable members of society from digital extortion. Transferring knowledge and implementing concrete measures will be key. Our Cyber Security Report 2025 provides you with an overview. It exposes threats and offers recommendations for action. The digital world is not just a space that we must work together to defend. It is where we are creating a future which is ours to shape, unless we surrender it to those who seek to tear it apart. As the companies of Schwarz Group, we act ahead and take responsibility. It is important to us to educate and support. We help you with our experience and expertise. Take advantage of this opportunity. Protect yourself. Let’s seize the opportunity to act ahead together.
Gerd Chrzanowski
General Partner Schwarz Group
EXECUTIVE SUMMARY
The cybersecurity landscape evolved at breakneck speed in 2024, with the threat situation increasingly shaped by geopolitical tensions and technological advances. The wars in Ukraine and the Middle East, tensions in the South China Sea and the intensifying formation of political blocs between Europe, the USA, Russia and China continue to have a significant impact on cyberspace. Cyberattacks have now become a key component in hybrid warfare. The rise in state-sponsored attacks on critical infrastructure and the emergence of coordinated disinformation campaigns to exert political influence are especially concerning.
At the same time, attack techniques are becoming increasingly sophisticated. Private and public sector organizations are facing a multitude of threats in parallel, demanding ever higher levels of resilience. The increasing use of artificial intelligence (AI), in particular, is reshaping both offensive and defensive strategies. While AI-assisted threat detection is strengthening defenses, cybercriminals are also leveraging AI technology to automate phishing campaigns and generate deepfake-based social engineering attacks. Having easy access to generative AI capabilities significantly lowers the entry barriers for attackers and fuels the threat situation even further.
Ransomware remains a pervasive threat and has continued to gain in importance thanks to multi-stage extortion tactics and the Ransomware-as-a-Service (RaaS) model. The number of ransomware attacks recorded worldwide rose by 33 percent between July 2023 and June 2024. German companies were especially targeted. In the first half of 2024, a staggering 83 percent of German companies fell victim to ransomware attacks – almost twice the number recorded during the same period the previous year. The rising number of attacks was accompanied by a high level of willingness to pay the ransom.
Along with ransomware, cybercriminals again set their sights on software supply chains. Of particular concern are vulnerabilities in open-source software. These vulnerabilities are systematically exploited and manipulated packages may be inserted. In 2024, more than 6.6 trillion open-source downloads were recorded worldwide. Over the same period, the number of malicious software packages introduced into open-source ecosystems increased by 156 percent compared to the previous year. Cloud services, cybersecurity solutions, IoT environments and industrial control systems are also increasingly targeted by attackers.
In 2024, such cyberattacks inflicted damage totaling around 179 billion euros in Germany. One of 2024’s most attention-grabbing events was the faulty update issued by the cybersecurity company CrowdStrike in July, which crippled around 8.5 million computers around the globe running the Microsoft Windows operating system. The resulting chaos was systematically exploited by cybercriminals.
In light of these developments, companies need to continuously reassess their cybersecurity strategies. For this report, a representative survey of 1,001 German companies was conducted in late 2024. It revealed significant discrepancies and differences in cybersecurity measures and perception, depending on the size of the company. While small companies often only have limited resources at their disposal, 42 percent of large companies invest 1 million euros or more in their IT security. The average investment ratio for cybersecurity is 8 percent of the IT budget, with this figure rising to 17 percent for large companies. Despite economic uncertainty, 78 percent of companies have increased their IT security expenditure.
Staff shortages, however, remain a challenge. While 63 percent of all companies have their own IT departments, almost half of small companies have no internal IT security capacity. This lack of qualified staff not only makes it difficult to implement preventive measures, but also to respond quickly to acute threats.
Implementing the NIS 2 Directive poses challenges for many companies, especially smaller ones. Two thirds of all companies consider themselves well or very well prepared for cyberattacks, although 60 percent regard government support to be insufficient. More than half of companies do not perceive any significant cyber risks associated with their suppliers or external partners. Only 16 percent of small companies have defined binding cybersecurity requirements for all suppliers, compared with 40 percent of large companies. Across all companies, 49 percent audit their suppliers regularly or occasionally for compliance with security standards.
When selecting providers, large and small companies adopt differing strategies. While 88 percent of large companies pursue a multi-vendor strategy, 93 percent of small companies rely on a single provider. Only 6 percent of small companies perceive reliance on a single source as a risk, compared with 33 percent of large companies. To avoid disadvantageous dependence on a provider, more than half of the companies surveyed rely on open standards or regularly evaluate alternative vendors.