Skip to main content Skip to search Skip to main navigation

Let’s not discuss the economy – hackers don’t see it that way

It would be perfectly understandable if a certain gloominess has settled over you when reflecting on business projections, there has been, shall we say a feeling of a certain slump in the markets. If you are a positive sort of person you may have thought, ‘…well on the upside, this makes us less of a target for cybersecurity attacks, they’re more likely to go for places where business is booming’.

In all fairness America is the top destination but unfortunately in terms of cyberattacks, Germany remains a highly prised destination and is in the top ten globally by number and variety of cyberattacks.

Being a positive sort of person you may think, ‘…well everyone knows it’s public offices and critical infrastructure that’s targeted most’. Unfortunately, here again the goal is often wider attacks gathering data from small to medium businesses. This then spreads to supply chains and like a domino effect, the system that we call Germany is crippled.

Cybercriminals continued to employ successful attack strategies from recent years. Not only were an increasing number of small and medium-sized enterprises (SMEs) targeted (80 % of reported attacks), but these attacks also resulted in data leaks (or the threat thereof) in most cases, against which victims have no effective coping strategies. (BSI accessed on 28.05.2026)

To sum up, unless your business is treating this as an active threat with high priority, you’re quite likely going to be tomorrow’s sad news story.

Luckily this is high on the European and local government agenda and as a result there are tools to arm you against this threat. It comes under the banner NIS 2 and NIS 2 training courses for business managers. This was previously only mandated for a select group of companies but the gravity of the situation has immediately necessitated a far greater coverage. Knowledge for managing the risk of cybersecurity is now considered of the utmost priority for all businesses.

Here is a summary of the latest changes for NIS 2 training for managers:

  • The recommendations regarding the duration of the course (previously 4 hours) and its regularity (previously every 3 years) have been significantly qualified. The guidance no longer specifies any concrete times. Duration and regularity depend individually on the knowledge and skills of the persons to be trained. However, the 4 hours are still mentioned in the explanatory memorandum to the BSIG and therefore cannot be regarded as entirely off the table as a benchmark.
  • In the new guidance, the BSI repeatedly recommends that the management level of organisations not affected by NIS 2 should also complete the training.
  • The guidance states that “interactive or time-decentralised training formats in particular are very well suited to conveying the crucial link between the training content and risk management in everyday practice”. I read this as an appeal: use eLearning!
  • Overall, the guidance provides for slightly less training content than the previous version.

Time for a bit of positivity, because let’s face it, we all need it!

  1. If you were a company that got their ducks in a row early in the game and have already done a NIS 2 course with DSN train, you’re in luck. The course you did, covered all the newly rolled out changes.
  2. If you have only recently realised how urgent NIS 2 training for managers is, then you can enroll your managers today with DSN train who currently have, what many companies claim, the best course on the market.

If we have yet to convince you, we’ll leave you with a few stark facts to ponder taken from the Germany threat landscape report 2025 :

Top Targeted Sectors: Retail Trade (14.72 %), Finance & Insurance (12.05 %), and Electronic Shopping (10.43 %) are among the most exposed sectors, highlighting risks for industries handling consumer data.

Ransomware Evolution: Manufacturing (18.15 %) remains the most targeted sector, with emerging groups like RansomHub (10.1 %) and Akira (8.9 %) overtaking previous ransomware leaders.

Phishing Surge: Finance (22.24 %) and Cryptocurrency/NFT sectors (20.68 %) are the top phishing targets, showing a strong focus on financial data theft.

Dark Web Threats: Germany accounts for 20.68 % of stealer log data, exposing hundreds of thousands of credentials tied to major domains like amazon.de and ebay.de.

DDoS Attacks: Over 205,000 DDoS attacks were recorded, with peak bandwidths reaching 380.42 Gbps, threatening operational stability across industries.