Threat situation remains at a high level

BSI Situation Report 2025: Cyber threat remains high - SMEs in particular are increasingly being targeted

13.11.2025

Source: E & M powernews

The German Federal Office for Information Security (BSI) has presented its annual cyber security status report. Small and medium-sized companies are particularly at risk.

This November, the Federal Office for Information Security (BSI) once again presented its annual report on the state of IT security in Germany. The reporting period is from July 1, 2024 to June 30, 2025.

Unlike in previous years, the authority does not see a steady worsening of the threat situation. It has stabilized - albeit at a high level. This is because companies, public bodies and organizations are still making it far too easy for attackers to cause damage. The BSI warns that cyber criminals always take the path of least resistance and look for targets with the lowest level of protection. As a result, more and more small and medium-sized companies and political institutions are being targeted by attackers.

Companies with up to 50 employees in particular are often unable to adequately operate and protect their information technology. The vulnerabilities that became known on a daily basis in the current reporting period are particularly prevalent in small and medium-sized enterprises. According to the BSI, SMEs also account for 80 percent of reported cyberattacks. In most cases, these attacks also led to data leaks, which the victims often did not know how to deal with.

According to the situation report, an average of 119 vulnerabilities in IT systems were reported worldwide every day. Compared to the previous period, this represents an increase of 24 percent. The vulnerabilities can relate to both software and hardware products. The BSI therefore emphasizes that "security by design" - an approach that is being pursued in intelligent metering with smart meter gateways, for example - is a "strategic necessity". According to the BSI, 75 new hardware and microarchitecture vulnerabilities became known in the current reporting period. In addition, 165 reports of vulnerabilities in software products were received.

BSI records 153 reports from the energy sector

New attack infrastructures also became known in the current reporting period. The situation report mentions two new IoT botnets. Their malware had already been placed on the respective devices during the production process, and the devices were then passed on to retailers pre-infected. It was not possible to subsequently clean up the approximately 40,000 IoT devices that were to be integrated into networks via the internet.

At the same time, the authority points out that measures to strengthen the resilience of society as a whole against attacks are definitely taking effect. Both the prevention and defense capabilities as well as the ability to cope with successful attacks have increased. Ultimately, international law enforcement authorities have also successfully taken action against criminal groups and have been able to put a stop to them.

Nevertheless, the threat situation remains very tense, especially for companies and facilities that are part of the critical infrastructure. In almost all critical sectors, the BSI recorded more incident reports in the reporting period than in the previous twelve months. The energy sector is one of them. In this sector (as of June 30, 2025), 308 system operators and 517 systems are currently part of the critical infrastructure. After 137 reports in the previous reporting period, the BSI has now recorded 153 reports.

This classification is linked to a reporting obligation. It relates to incidents "that have led or could lead to a failure or to a significant impairment of the functionality of the critical infrastructure". However, the BSI also encourages companies to submit voluntary reports to the national IT situation center. After all, every report contributes to the situation picture.

Further information on the IT security situation in Germany is available on the BSI website.

Author: Fritz Wilhelm