What Mattered in Cyber Security in 2025 – and What Comes Next

Author: Mathias Schick

The holidays are approaching, but there’s little sign of calm – at least not in cyber security. Quite the opposite: experience shows that things tend to heat up again at this time of year. And that’s after an already eventful twelve months.

NIS2 has now been fully transposed into German national law. The threat landscape continues to intensify across Europe at every level. Organisations are under more scrutiny than ever – and must act decisively.

Still, it’s worth taking a moment to pause. Only those who reflect can plan strategically and – ultimately what really matters – act proactively. I invite you to look back with me at the key security themes of 2025, and to take a first look at what lies ahead.

NIS2: finally binding and enforceable.

The implementation of NIS2 into national law this December was one of the year’s defining security topics. After a long wait, we now have not only regulatory clarity but also practical direction.

For me – and for us at Bechtle – this is an important signal: organisations now need reliable guidance and concrete support. The demands have increased significantly: stricter obligations, tighter deadlines, and rising compliance pressure.

At the same time, the regulation creates opportunities – for example, to modernise security structures systematically and build sustainable cyber resilience.

We’ve summarised the key requirements, insights and recommended actions in our whitepaper:

NIS2: Your guide to compliance.

it-sa once again a highlight.

A standout moment this year was, once again, it-sa. In conversations with customers and partners, regulatory topics dominated – unsurprisingly. From NIS2 to the AI Act and the Cyber Resilience Act.

This EU-wide regulatory push aims to make holistic cyber resilience a mandatory standard – ensuring that organisations, public bodies and ultimately society remain robust. Those who fail to prepare risk fines, operational disruption and, not least, reputational damage.

Accordingly, the discussions centred around end-to-end processes for detection and response within Security Operations Centre offerings, the use of AI to strengthen defensive strategies, security awareness and culture, and effective Zero Trust architectures and platform approaches.

The event made one thing abundantly clear: cyber resilience is no longer seen as a purely technical IT topic – it now sits at the heart of enterprise-wide risk management. Which means it’s an executive-level responsibility.

Our SOC best practice.

Many security teams are facing a familiar pattern: compliance and audit pressure, alert fatigue, blind spots at night and over weekends, missing incident management structures, long response times after an attack – all compounded by a persistent skills shortage. The list of challenges is long. And it won’t get any shorter in 2026.

What modern detection and response looks like in practice is demonstrated by our project with Stuttgart Airport. Together we built a Managed Security Operations Centre (SOC) that reliably detects, analyses and responds to security-relevant events – supported by automation, tailored playbooks and continuous optimisation.

The result is a marked increase in resilience that works day-to-day – not just on paper.

How modern cyber security works in practice.

Security remains a strategic success factor.

Germany remains one of the most targeted countries worldwide – currently in the top four. Europe isn’t far behind. That alone would be concerning, but the decisive factor is how attacks are carried out today. One phrase captures it perfectly: “Hackers don’t hack in. They log in.” Identities have become the primary attack vector. Identity-first security was therefore one of the most strategically important themes of the year – and it will remain so. Closely connected to this is the Zero Trust approach: trust no one by default, verify every access request in context, and minimise privileges consistently. Many organisations technically already have the capabilities – for example through Microsoft 365. The challenge is that they are not used consistently.

For those who want to delve deeper, I’ve compiled the most valuable resources here:

Building effective identity management. How IAM prevents unauthorised access and proactively protects your organisation from cyber threats.

Training that strengthens your security posture. Which attack techniques are currently relevant, what training strategies actually work – and which regulatory requirements apply.

From concept to practice. Why many organisations already have effective Zero Trust capabilities included in their Microsoft 365 licences – but aren’t using them.

Zero-Trust in focus

Three common myths busted. Zero Trust is one of today’s most important security strategies, yet it’s often misunderstood. We set the record straight.

Securing everyday operations: email remains the top attack vector.

Email continues to be the most widely used business communication tool – and therefore one of the biggest entry points for attackers. Around 90% of all cyber attacks start with an email. Today’s techniques are so sophisticated that phishing emails and malware are often barely distinguishable from legitimate messages. The consequences range from financial loss to data breaches and severe reputational damage.

What organisations need now is not yet another standalone tool. What matters is a holistic approach that brings together technology, processes and people.

Our approach delivers:

99.99% detection rate for phishing, spam and malware

–75% IT workload through consistent automation

How this works in practice is explained in detail in our reference:

Rethinking email security: prevention over damage control.

Security in 2026: broader, deeper, more interconnected.

Regulation will remain a defining force: NIS2 moves from planning to mandatory practice, the Cyber Resilience Act (CRA) places renewed emphasis on product and supply chain security, the AI Act demands responsible AI operations, and DORA raises the bar in the financial sector – to name just a few. This is good for security. But it also means organisations face complex, overlapping regulatory frameworks. A focus area we will continue to support intensively in 2026.

At the same time, we’re seeing a clear shift from traditional IT security towards holistic cyber resilience. Modern security goes far beyond technology – it spans the entire organisation and extends across supplier ecosystems. Supply chain attacks on software and critical service providers have shown this repeatedly.

The question is no longer if but when.

As the BSI notes in its latest state report: if you are vulnerable, you will be targeted. This requires a mindset shift: supplementing prevention with greater focus on detection and response – supported by an overarching, integrated perspective.

AI-driven cyber attacks will continue to increase. They will change attack patterns and accelerate automation on the attacker side. At the same time, they will demand new defensive mechanisms with a high degree of automation. Because the attackers’ AI arms race can only be countered with intelligent AI use on the defensive side. The market already offers promising solutions.

Yes, security budgets are limited. Which makes one question even more critical: What genuinely increases security maturity and ensures compliance?

With more than 4,000 vendors and new products emerging constantly, it’s difficult to maintain oversight.

My advice: start with a thorough assessment. Understanding the gap between your current and target state reveals where action is truly needed.

Our offering: comprehensive 360° security assessments such as B-Hard or the NIS2 Compliance.

My conclusion.

One thing is already clear: 2026 won’t be any calmer. If I could leave you with one thought, it would be this: we don’t suffer from a lack of measures – we suffer from a lack of implementation. The real issue isn’t knowing what to do; it’s doing it. I encourage you to make the smart decisions that will genuinely make a difference.

I look forward to the conversation.