Cybersecurity 2024: New Challenges and Progress in Germany
Digitalization offers great opportunities, but at the same time, the risks for businesses, public institutions, and citizens are growing. The current situation report from the Federal Office for Information Security (BSI) shows that the cybersecurity landscape has become more complex and dynamic – but also that significant progress has been made.
One of the most important steps was the comprehensive modernization of IT security law. With the implementation of the EU Directive NIS-2, the reporting obligation for IT security incidents was extended to more companies and sectors, leading to better monitoring and faster response times. Additionally, the new Cyber Resilience Act (CRA) requires manufacturers of connected products to provide security updates throughout their entire lifecycle. These legislative initiatives are important milestones on the way to a safer digital infrastructure. Another highlight is the introduction of the European Digital Identity Wallet (EUDI-Wallet), which enables secure cross-border identification for citizens while complying with the highest data protection standards.
However, the threat landscape has continued to worsen. The number of new malware programs rose to an average of 309,000 per day – an increase of 26% compared to 2023. Particularly alarming is the increasing exploitation of zero-day vulnerabilities, where attackers take advantage of software gaps before updates are available. DDoS attacks have also doubled in both quality and frequency, indicating that attackers are expanding their capabilities and becoming more targeted.
The targets of these attacks are varied. Small and medium-sized enterprises (SMEs) are increasingly in the crosshairs, as they are often less well protected against cyberattacks. Municipalities and public institutions have also been heavily attacked, leading in some cases to the temporary suspension of essential services like citizen or parental benefit payments. Particularly concerning is the increase in attacks on cloud infrastructures, resulting in identity theft and data leaks. Even political organizations were not spared: phishing and the abuse of weak passwords caused significant damage.
Despite these challenges, there have been positive developments as well. Law enforcement agencies have made significant successes, such as shutting down dangerous ransomware services like LockBit and QakBot. Critical infrastructures like energy and water supply are continuously improving their security and emergency plans, and cloud services are increasingly relying on automated protection mechanisms to quickly detect and prevent attacks.
However, the challenges remain significant. Growing digitalization brings new attack surfaces, especially through poorly secured IoT devices. At the same time, the complexity of new legal requirements presents companies with difficulties, but also offers the opportunity to sustainably strengthen cybersecurity strategies.
The 2024 situation report shows impressively that the threats are real and serious. At the same time, it shows that Germany is making progress in protecting itself. What will be crucial is that politics, business, and society continue to work closely together to create a secure digital future. With growing awareness, better resilience, and targeted action, we can overcome the challenges of cybersecurity.