Cybersecurity demands immediate action. Armed with criminal intent, professional expertise, and artificial intelligence (AI), attackers launch massive daily assaults using ransomware and other malware on companies and institutions. The consequences are substantial financial losses – from restoring system operations to fines for data protection violations. The updated NIS2 directive also introduces personal liability for board members and managing directors, making comprehensive risk management a central requirement. To ensure business continuity, AI and machine learning must be employed, and DevSecOps and agile collaboration between business development, security, and operations are more essential than ever.
The Only Certainty: Nothing Is Safe
In cybersecurity, one thing is certain: attackers with creative criminal intent can potentially infiltrate any system, manipulate it, or access sensitive data. Cybercrime has become immensely damaging and is considered a global top risk in 2024. Companies of all sizes are affected. According to the German Federal Office for Information Security (BSI), attacks are shifting: in addition to public institutions and municipalities, small and medium-sized enterprises are increasingly targeted.
In 2023 alone, the German economy suffered losses totaling €205.9 billion due to complete IT system failures and major disruptions in business processes. Of that, €16.1 billion resulted from ransomware-related consequences – primarily due to data theft and the need to rebuild systems.
Massive Damage and Regulatory Fines
Cyberattacks often coincide with data protection violations, leading to fines under the European General Data Protection Regulation (GDPR). In 2023, the Open University of Cyprus paid a €45,000 fine after hackers accessed and published personal data on the dark web due to inadequate protective measures. Similarly, Centric Health Ltd. in Ireland was fined €460,000 following a ransomware attack that exposed the records of approximately 70,000 patients due to missing security safeguards.
In addition to financial penalties, companies face reputational damage – the loss of stakeholder and partner trust can quickly lead to further financial harm.
Cybercrime as a Business Model
There is now a black market for ransomware services. On the dark web, anyone with a hint of criminal intent can purchase fully automated malware subscriptions, complete with regular updates – no hacking skills required.
Even entire attacks can be ordered as a service: Cybercrime as a Service. Hacker collectives operate in specialized roles, offering services like DDoS attacks, spam campaigns, or ransomware deployment. Clients choose their desired package, and providers handle everything – even ransom payment processes.
The profitable business model behind Ransomware as a Service (RaaS) was exposed through the Conti Leaks. The group’s mafia-like scale and probable ties to government entities are alarming, especially as it targeted manufacturing sectors in Germany, the UK, Italy, and France.
In 2023, Germany recorded an average of 250,000 new malware variants – per day. Ransomware remains the biggest threat. AI and machine learning are now used for Big Game Hunting and social engineering, posing a serious challenge to IT security. Attackers use these technologies to write malicious code or phishing emails. ML helps analyze traffic patterns, defense strategies, and potential system vulnerabilities. Generative AI can create spam-filter-proof messages in minutes.
NIS2 – Liability for Management
The outlook for companies and institutions is becoming even more precarious. The EU’s 2016 NIS directive was updated in 2023 with NIS2, significantly tightening requirements. Organizations are now classified as “essential” or “important,” and the scope of critical infrastructure sectors has been expanded.
“Essential” refers to organizations with more than 250 employees and annual revenues over €50 million; “important” refers to those with over 50 employees and more than €10 million in revenue. Germany’s implementation of NIS2 is expected to take effect in October 2024, mandating IT security governance measures.
Management and boards can be held personally liable if necessary risk management measures are not implemented. They are no longer merely formally responsible for monitoring and early warning systems – they must ensure operationally secure systems and comprehensive data protection. Failure to do so could lead to severe personal consequences.
As a result, significant effort is required: from implementing internal policies to developing risk analysis concepts, attack response strategies, and operational continuity plans. This includes securing supply chains, introducing vulnerability management, organizational compliance structures, encryption frameworks, access controls, and “zero trust” solutions with multi-factor authentication for hybrid work.
Cybersecurity and risk management now require deep management involvement, both technically and organizationally.
The State of Cybersecurity Is Alarming
Decision-makers can no longer rely on static solutions. Cybercrime has become not only technically complex but also dynamic. With rapid technological advancements, rising attacker expertise, and increasing attack volume, a highly agile and technologically sophisticated approach is needed.
Yet, many companies still rely on static, reactive responses. Networks are typically protected using preventive tools and post-attack malware detection. But security teams are often overwhelmed. As of 2022, many faced “too many tools, too few people, too many alerts” – most of which were false positives, leading to widespread “alert fatigue.” One in three companies had no transparency about their security status – only 54% conducted regular penetration testing in 2022.
On a positive note, companies now prioritize transparency in network activity. 82% aim to enhance their Security Information and Event Management (SIEM), and over 90% are prioritizing security monitoring. Cybersecurity culture and employee awareness are also being promoted, as human error remains a critical factor. What is still missing, however, is state-of-the-art cyber resilience.
Criminals will continue using AI to develop dangerous new algorithms, explore company risk profiles and core processes, and penetrate infrastructures. To counteract these threats, AI and ML must also be deployed defensively – a trend that has only just begun.
Using AI Is No Longer Optional
According to Bitkom Research, only 14% of German companies currently engage with AI for cybersecurity. As recently as 2023, 59% stated it was not an option for them. Still, 35% believe generative AI could enhance security.
These figures reflect the current state of cybersecurity awareness in German companies. Tackling technical debt is not a quick fix. But AI is no longer optional if we want to defend against adversaries and keep pace in this digital arms race.
The vast data volumes in modern companies can only be managed through real-time big data analytics powered by ML algorithms. These detect suspicious login patterns or other network anomalies. Automated risk analyses, incident summaries, and alert systems save over half the time compared to traditional methods. Incident response processes can also be handled by AI.
Threat intelligence tools automatically adapt to new threats, collecting data, storing attack patterns, and improving detection. Simultaneously, false positives are dramatically reduced. These tools analyze suspicious emails with high precision, preventing phishing or ransomware from reaching their targets. With AI and ML, the risk of cybercrime can be significantly reduced through real-time, largely automated detection and response management – ensuring business continuity.
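The text above says that ML-driven analytics detect suspicious login patterns and that such tooling must also keep false positives down. The following is an added example, not code from the original article or from any product it mentions, and it uses a simple statistical baseline rather than a trained model: it parses constructed authentication log lines (the log format, user names, IP addresses and country codes are all assumed for the example), learns per-user "known countries" from a baseline period, and then flags two things in live traffic: a burst of failed logins for one account inside a short window, and a successful login from a country that account has never used before. Accounts with no baseline history are deliberately not flagged, which is one small way to avoid the alert flood the article describes.

```python
"""Added example: login-anomaly detection over constructed auth log lines.

Detectors (defensive only):
  1. burst     - at least `threshold` failed logins for one user inside a
                 sliding time window (classic password-guessing pattern);
  2. location  - a successful login from a country the user was never seen
                 in during the baseline period (new-location anomaly).
Log format, users, IPs and geo codes are constructed for this example.
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed log format: "<ISO8601 UTC> user=<name> src=<ip> geo=<CC> result=ok|fail"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"geo=(?P<geo>\S+) result=(?P<result>ok|fail)$"
)


def parse_line(line: str):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unparseable input is skipped, never guessed at
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def parse_events(lines):
    return [ev for ev in map(parse_line, lines) if ev is not None]


def detect_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Return (user, src, time) once per user whose failures reach `threshold` within `window`."""
    recent = defaultdict(deque)  # user -> timestamps of recent failures
    alerts, fired = [], set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "fail":
            continue
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:  # drop failures outside the window
            q.popleft()
        if len(q) >= threshold and ev["user"] not in fired:
            fired.add(ev["user"])  # one alert per user, not one per extra failure
            alerts.append((ev["user"], ev["src"], ev["ts"]))
    return alerts


def build_baseline(events):
    """Per-user set of countries seen in successful logins during the baseline period."""
    seen = defaultdict(set)
    for ev in events:
        if ev["result"] == "ok":
            seen[ev["user"]].add(ev["geo"])
    return seen


def detect_new_locations(baseline, events):
    """Return (user, geo, src, time) for successful logins from a country new to that user."""
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        known = baseline.get(ev["user"])
        if not known:
            continue  # no history yet: do not flood the SOC with onboarding noise
        if ev["result"] == "ok" and ev["geo"] not in known:
            alerts.append((ev["user"], ev["geo"], ev["src"], ev["ts"]))
    return alerts


def run_detection(baseline_lines, live_lines, threshold=5):
    """Learn from the baseline lines, then run both detectors over the live lines."""
    baseline = build_baseline(parse_events(baseline_lines))
    live = parse_events(live_lines)
    return {
        "bursts": detect_bursts(live, threshold=threshold),
        "new_locations": detect_new_locations(baseline, live),
    }


# Constructed sample data (documentation IP ranges, fictitious users).
BASELINE_LOG = """
2024-04-01T08:02:11Z user=alice src=192.0.2.10 geo=DE result=ok
2024-04-02T08:05:40Z user=alice src=192.0.2.10 geo=DE result=ok
2024-04-03T17:30:02Z user=alice src=192.0.2.77 geo=FR result=ok
2024-04-01T09:00:00Z user=bob src=192.0.2.20 geo=DE result=ok
2024-04-02T09:00:30Z user=bob src=192.0.2.20 geo=DE result=fail
2024-04-02T09:01:12Z user=bob src=192.0.2.20 geo=DE result=ok
""".strip().splitlines()

LIVE_LOG = """
2024-05-02T08:14:03Z user=alice src=192.0.2.10 geo=DE result=ok
2024-05-02T09:01:00Z user=bob src=198.51.100.23 geo=RU result=fail
2024-05-02T09:01:20Z user=bob src=198.51.100.23 geo=RU result=fail
2024-05-02T09:01:41Z user=bob src=198.51.100.23 geo=RU result=fail
2024-05-02T09:02:05Z user=bob src=198.51.100.23 geo=RU result=fail
2024-05-02T09:02:30Z user=bob src=198.51.100.23 geo=RU result=fail
2024-05-02T09:03:10Z user=bob src=198.51.100.23 geo=RU result=ok
2024-05-02T10:00:00Z user=carol src=192.0.2.99 geo=DE result=ok
2024-05-02T11:12:45Z user=alice src=192.0.2.77 geo=FR result=ok
this line is deliberately malformed and must be skipped
""".strip().splitlines()

if __name__ == "__main__":
    for kind, alerts in run_detection(BASELINE_LOG, LIVE_LOG).items():
        for a in alerts:
            print(kind, *a)
```

Run on the constructed data, the burst detector fires once for bob (five failures in 90 seconds from 198.51.100.23) and the location detector fires once for bob's subsequent successful login from RU; alice's FR login is in her baseline, and carol, who has no history, produces no alert. The thresholds and the window are the tuning knobs: lower them and you catch slower guessing at the price of more of the false positives the article warns about.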
AI-Driven XDR
One mature solution is XDR – Extended Detection & Response. It provides continuous monitoring of networks and all endpoints to identify and address critical incidents.
A Security Operations Center (SOC) collects all incidents and events from across the infrastructure. Behavioral network monitoring and automated forensics respond to security anomalies within the perimeter. Each incident is evaluated, and the appropriate incident response is initiated (Network Detection & Response – NDR). This real-time monitoring extends to all endpoints (Endpoint Detection & Response – EDR), including home office PCs, laptops, tablets, and smartphones.
XDR thus monitors everything from endpoints to network sensors to cloud instances and microservices. Regular simulations and vulnerability checks ensure constant security. Integrated AI and ML tools enable SOC teams to focus on complex tasks. Application outages are significantly reduced, and operational interruptions are almost entirely avoided.
Security must be thoroughly integrated from the start when developing new business processes.
DevSecOps in Demand
To establish effective security solutions, companies must bridge the gaps between development, operations, and security teams. For proper application performance management and comprehensive monitoring, convergence of security and operations is essential.
According to Cato Networks, 76% of companies now consider this convergence indispensable. A shared platform for security and network teams boosts organizational resilience and responsiveness. Carlsberg A/S, for instance, consolidated these functions into SecOps. Their CISO, Tal Arad, reports: “By merging our network and security teams, we resolved long-standing turf wars. We now identify and respond to backdoors caused by network changes and address operational issues triggered by security updates – because we function as a single team.” SecOps dramatically improves agility and response efficiency.
A cultural shift to DevSecOps is underway and must accelerate. The goal is to embed security into business and development processes from the outset. Yet, as recently as 2022, only 43% of German companies properly implemented “Security by Design.” And a global Dynatrace study found that just 50% of CISOs were confident their dev teams had fully vetted software for vulnerabilities before going live.
Decision-makers must recognize that every click and every transaction is a potential risk. Every anomaly must be addressed in real time, without delay.
With this “transaction awareness” at the heart of business processes, agile teams must build critical new applications with security in mind, integrating them into already secure environments – environments where anomalies are detected and neutralized through AI-powered real-time monitoring and intelligent incident response.