In Germany, cybercrime is no longer a side issue but a macroeconomic factor. This piece summarizes the situation as of 2023, highlights key market figures, and translates them into concrete action items for organizations.
Threat Landscape: Numbers, Not Gut Feel
According to Bitkom, damages from cybercrime in Germany in 2023 again exceeded 200 billion euros – the third consecutive year at this level. The main driver remained ransomware campaigns following the double-extortion pattern: data encrypted, plus the threat of publication. Targeted attacks on cash-rich organizations – "Big Game Hunting" – aggravated the picture.
Cyber threats are growing structurally, not cyclically. Organizations that did not invest heavily in resilience in 2023 face a noticeably larger catch-up effort in 2024.
Policy, Institutions, and Key Events
The BSI's 19th German IT Security Congress in 2023 was held under the motto "Digital Security for a Sustainable Future". In parallel, the German government prepared the national transposition of the NIS 2 Directive. The cyber security skills shortage remained a dominant theme.
Market Development
- Market size 2023: approx. €5.81 billion.
- Security services: approx. €3.19 billion – the dominant segment.
- Forecast 2028: approx. €7.13 billion, with double-digit annual growth in services.
Growth drivers include expanding managed security offerings, the implementation of regulatory mandates (NIS 2, KRITIS, DORA), and rising demand for specialized incident response support.
Concrete Actions for Organizations
- Nail the fundamentals: MFA everywhere, EDR on every endpoint, patch and vulnerability management.
- Make backups resilient: Offline and immutable backups, regularly tested restores.
- Prepare incident response: Playbooks, retainers, drilled communication – see the incident response guide.
- Anchor awareness: Recurring training, phishing simulations, reporting culture.
- Factor in compliance: ISO 27001 and NIS 2 as the red thread through the entire program.
Actions for Individuals
- Manage strong, unique passwords in a password manager.
- Keep software and apps up to date.
- Stay skeptical of unexpected emails, calls, or messages.
- Back up and encrypt important data regularly.
- Stay informed about current threats – at work and at home.
Conclusion
The 2023 picture is clear: cybercrime is a structural risk, not a temporary state. Regulation, market growth, and professional adversaries all meet a tight labor market. Organizations that tackle fundamentals, resilience, and incident response together noticeably shift the risk – and make the difference between an unpleasant incident and a corporate crisis.