Cybersecurity is like any other form of security: you often only notice it's missing when it's too late. This applies to private individuals – but increasingly also to companies. This is because digital attack surfaces are increasing, not least due to global networking and the growing use of AI technologies, which enable new attack scenarios. The 2024 IT Situation Report by the Federal Office for Information Security (BSI) highlights the dynamics of this development: an average of 309,000 new malware programmes are identified every day – a clear sign of the growing complexity in the digital space.
The Bitkom study Wirtschaftsschutz 2024 (Economic Protection 2024) also confirms that digital attacks on companies in Germany are a growing problem: 81 percent of companies have been affected by data theft, espionage or sabotage in the last twelve months, causing damage of around 267 billion euros – a new record. Two-thirds of companies now see cyber attacks as a threat to their existence. These figures highlight the urgency of taking preventive security measures and investing specifically in resilience.
When a lack of security becomes a brake on growth
A recent PwC study shows that these investments are not lacking: 84 per cent of companies in Germany planned to increase their cybersecurity budget in 2024. The focus is on modernising technologies, securing cloud environments and using AI solutions. Germany is considered a pioneer in the field of generative AI in particular when compared internationally. Companies are thus setting clearly visible priorities for greater digital resilience in an international comparison.
The threats are manifold. Attacks are increasingly hitting companies at critical points – often where security measures are inadequate or non-existent: for example, in backup strategies, firewalls or employee awareness. Ransomware attacks and denial-of-service attacks (DDoS), which are steadily increasing, are particularly problematic. Attackers use phishing emails to gain access to company networks, encrypt data and demand ransom. In DDoS attacks, the availability of online services is paralysed by massive requests, which has significant consequences for e-commerce, financial service providers and logistics companies. The Federation of German Industries (BDI) has also observed an increase in industrial espionage and sabotage, which is often facilitated by the use of IoT technologies.
How can companies find the right strategy for greater resilience?
The good news is that there are solutions to protect against cybercrime. Companies need to identify their own vulnerabilities before investing in new security infrastructure. With its CyberRiskCheck, the BSI offers small and medium-sized enterprises in particular the opportunity to analyse their risks and develop tailor-made security strategies on this basis.
This is where startups come into play, demonstrating, expanding or improving new cybersecurity strategies for companies through innovative solutions. de:hub Darmstadt is one of the central platforms that promotes exchange between startups, research institutions and established companies. The aim is to develop concrete, practical solutions and accelerate knowledge transfer.
The de:hub portfolio includes numerous startups that develop application-oriented security solutions. Whether cyber security analysis, compliance, AI protection or access control – these companies demonstrate how digital resilience works in practice.
These startups are making the digital economy more secure
Zealience: Automates cyber compliance for IoT products in accordance with the RED Regulation, enabling companies to efficiently meet their security requirements and minimise regulatory risks.
Contexxt.ai: Provides a secure generative AI platform that helps companies integrate AI into their processes without compromising data security.
Threat-Informed Cybersecurity Solutions: Provides threat-oriented security solutions that help companies efficiently meet regulatory requirements such as NIS2, DORA and ISO 27001.
Complioty: Provides an automated solution for cybersecurity analysis of machines and helps companies quickly meet compliance requirements such as the Cyber Resilience Act.
LocateRisk: Visualises vulnerabilities in IT systems, enabling companies to improve their security measures in a targeted manner.
RedMimicry: Provides realistic attack simulations to prepare IT teams for real cyber attacks and optimise their defences.
CyberDesk: Provides a solution for data access control that applies to both human and non-human identities. Companies can efficiently manage their data access rights.
In addition to their commitment to a secure digital space, many of the startups have another thing in common: they benefit from the support of the National Research Centre for Applied Cybersecurity ATHENE. LocateRisk, RedMimicry and CyberDesk won the ATHENE Startup AWARD UP@it-sa in 2024, gaining national visibility. Starting in July 2025, founding teams in the field of cybersecurity will be able to apply for the next edition of the award.
In addition, Zealience, contexxt.ai and Threat-Informed Cybersecurity Solutions are part of the fifth round of the SpeedUpSecure startup accelerator, which starts on 28 May. The six-week programme promotes the market development of young cybersecurity companies and offers them access to a network of companies and experts.
The right mix of investment, culture and collaboration
The increasing threat situation in Germany shows that investment alone is not enough. A security culture and strategic risk management integrated into the entire corporate structure are needed. In addition, the exchange between companies, startups and authorities must be further expanded in order to develop effective, scalable solutions. The Digital Hub Initiative, with its 25 locations in Germany, creates the necessary conditions for this by connecting research, business and technology companies.
Cybersecurity has long been more than just a technical issue – it has become the foundation for economic stability and digital resilience. Investing in security today means securing not only data, but also the future. Digital transformation can only succeed with a secure foundation.
