Germany’s cybersecurity posture remains precarious, according to a newly released annual report by the Federal Office for Information Security (BSI), presented Tuesday by Interior Minister Alexander Dobrindt. While the resilience of critical infrastructure shows signs of growth, the nation continues to be significantly vulnerable in the digital realm, hindered by persistently inadequate protection across a broad spectrum of online systems and services.
The report highlights a concerning uptick in cyber threats, noting a 24% increase in the number of vulnerabilities newly discovered each day between July 2024 and June 2025. Web applications are repeatedly cited as particularly deficient in security protocols, alongside frequently misconfigured and unprotected servers where previously identified security flaws are often addressed belatedly, or not at all. This situation is exacerbated by the accelerating pace of digitalization, which inherently creates new internet-based applications and systems – potential entry points for malicious actors if not adequately secured from inception.
BSI President Claudia Plattner underscored the pervasive nature of the risk, stating, “Any institution or individual accessible via the internet is, in principle, threatened. Attackers actively seek out the most vulnerable points”. She elaborated on a disturbing trend: “Cybercriminals infiltrate wherever possible and subsequently assess the potential for damage”. This suggests a reactive, rather than proactive, security approach is currently prevalent.
While financially motivated cybercrime saw a 9% decrease, attributed to successful international law enforcement collaborations between the BSI and the Federal Criminal Police Office (BKA), the report emphasizes that professional, organized ransomware groups remain the most formidable threat. The escalating global geopolitical landscape is also fueling a rise in state-sponsored actors conducting complex, long-term attacks targeting political and economic objectives.
A particular area of concern highlighted is the cloud sector, alongside energy supply chains and the automotive industry. Here, the potential for manufacturers and providers to retain permanent and uncontrolled access to systems and data poses a significant risk.
The uneven distribution of resources and awareness creates a stark divide, with larger operators progressively bolstering their defenses while small and medium-sized enterprises often lack both the capacity and the understanding of their own vulnerabilities. This problem extends to municipalities, political organizations, associations and political parties – crucial aspects of the democratic fabric.
The BSI also criticizes consumer behavior, arguing that a lackadaisical approach to IT security remains widespread. Stronger security protocols such as passkeys, robust passwords, two-factor authentication and regular software updates are vital improvements that remain underdeveloped. The onus, the report stresses, isn’t solely on individual users; manufacturers and providers must prioritize integrating these protections as standard features.
In response to these challenges, the Ministry of the Interior (BMI) plans to construct a “Cyberdome” – a partially automated system for detecting, analyzing and responding to cyberattacks. Furthermore, the cyber defense capabilities of security agencies will be strengthened to actively prevent, mitigate, or halt serious attacks. This move, while potentially vital, raises questions about the scope of governmental intervention and the potential for curtailing individual liberties in the name of cybersecurity. The effectiveness of these new measures will ultimately depend on a comprehensive shift towards a proactive and consistently applied security framework across all sectors of German society.



