Chief AI Officer 2026: Real Role or Just Another C-Level Title?
Tobias Massow
⏳ 9 min read The Chief AI Officer is the most frequently announced-and least understood-C-level ...
Read Article
The November 2024 BSI report on cybersecurity in Germany reveals continuing alarming trends but also offers hope. This is because the economy, government, and society are better equipped to defend against these attacks.
The cybersecurity situation in Germany remains tense to alarming, but not hopeless. That’s how one can summarize the new report from the Federal Office for Information Security (BSI).
As BSI President Claudia Plattner and Federal Interior Minister Nancy Faeser emphasized during the presentation of the new BSI report, the government, economy, and society have done more over the course of the year to strengthen their resilience against increasingly sophisticated attacks.
“Not Defenseless Against Threats”
As Plattner points out, ransomware, espionage, and disinformation particularly endanger Germany’s prosperity and democracy. “However: We are not defenseless against these threats! We can clearly see: Protective measures are effective, and we are capable of countering attacks efficiently.”
According to the new situation report, 22 of approximately 140 Advanced Persistent Threat (APT) groups worldwide are now active in Germany. These groups, which specialize in such activities, are usually well-trained and often controlled by foreign powers to conduct targeted espionage or sabotage.
Another threat comes from increasing malware and phishing attacks. The number of malware variants has risen by 26 percent year-over-year to nearly 115 million.
Android Devices Make It Easy for Attackers
The number of Android malware variants is increasing particularly sharply. Within a year, this figure surged by 48 percent to 790,000. The number of globally identified phishing URLs and IP addresses, also rising sharply at around 1,000 per day, primarily targets Android devices.
One issue with consumer devices, as well as many IoT devices in industry, is that they receive no security updates after a short period. In Germany, according to information from the Federal Office for Information Security (BSI), this is the case for 25 percent of Android devices, allowing hackers to quickly access login credentials, account details, or even corporate information.
Significantly Expanded Attack Surface
The potential attack surface for cybercriminals has also significantly expanded. The number of globally known vulnerabilities has increased by 14 percent to 78 per day. Zero-day vulnerabilities are particularly dangerous for businesses and government agencies, as they must be addressed immediately.
Public administrations in the EU are now the most threatened sector, according to the BSI report, accounting for 17 percent of all IT security and phishing incidents. Logistics and transportation come in second with ten percent of all cases. Digital infrastructures, as well as banks and financial services, follow closely behind with nine percent each. Phishing now affects all relevant market segments.
DDoS and Ransomware Attacks on the Rise
The BSI (Federal Office for Information Security) has recorded a significant increase in high-volume DDoS attacks. In March 2024, their share surged to 15 percent, and in April, it even jumped to 28 percent. However, ransomware continues to inflict the most substantial economic damage.
Even though companies are less willing to pay the demanded ransoms, global damages have nearly doubled from 567 million to 1.1 billion dollars. Such is the escalating threat landscape. At the same time, the state, economy, and society are becoming more vigilant and resilient, as the new BSI report also indicates. For instance, the maturity level of Information Security Management Systems (ISMS), briefly called ISMS, for KRITIS operators has significantly improved over the past two years.
Source header image: Adobe Stock / santi