Last Updated on 17. November 2025
The IT Status Report 2025 published by the Federal Office for Information Security (BSI) paints a mixed picture for the period from July 2024 to June 2025: although the threat situation has stabilised overall, both the number of attack surfaces and the amount of damage continue to rise.
Federal Interior Minister Alexander Dobrindt emphasised at the presentation: ‘Germany is one of the top targets for cyber attacks after the USA, India and Japan.’ This underlines the central importance of cyber security as a task for society as a whole – and as a strategic issue for companies and administrations.
Key findings from the IT Status Report 2025
- 280,000 new malware variants per day were registered.
- 950 reported ransomware attacks – the number of unreported cases is likely to be many times higher.
- Small and medium-sized enterprises (SMEs) are particularly affected and are paying ever-higher ransoms.
- Every second attack is directed against the public sector.
- 30,000 vulnerable Microsoft Exchange servers remain in hospitals, schools and other critical institutions.
- The exploitation of IT vulnerabilities rose by 38%, and the number of new vulnerabilities by 24%.
- The BSI plans to set up a national ‘cyber dome’ for the early detection of attacks.
BSI President Claudia Plattner emphasises that in future, not only threats but also the effectiveness of countermeasures should be measurable – a crucial step towards making cyber security strategically controllable.
Need for action: From reaction to resilience
The data shows that technical protective measures alone are no longer sufficient. Cybersecurity must be strategically thought out, organisationally anchored and technically implemented. This applies to corporations as well as SMEs and the public sector.
Important areas of action are:
- Early detection of vulnerabilities and threats
- Development of a holistic security strategy
- Anchoring security processes in the organisation
- Securing the application landscape (web, cloud, mobile)
- Raising awareness and training employees
How mgm helps to ward off threats
The latest figures from the BSI status report show that security risks are no longer purely technical problems, but equally affect strategy, organisation, processes and culture. This is precisely where mgm comes in with its specialised services, supporting companies and public administrations in effectively and sustainably warding off cyber threats.
Strategic & organisational
mgm supports organisations in the development and implementation of holistic security strategies and connects business, organisation and IT in order to firmly integrate cybersecurity into structures and decision-making processes. This includes:
- IT and security strategies that systematically anchor vulnerability management, risk analysis and resilience building.
- Governance and process design that creates clear responsibilities and integrates security measures into everyday operations.
- Change and transformation support to ensure that security initiatives do not fail due to culture or acceptance – particularly relevant for administrations and SMEs.
Technical & operational
This strategic approach is complemented by in-depth technical expertise in application security. mgm tests, hardens and secures software, systems and processes – including through:
- Penetration tests for web, mobile and cloud applications in accordance with BSI and OWASP standards.
- Secure software development & DevSecOps, in which security is embedded in the development process.
- Application security assurance, threat modelling and training to raise awareness of security risks among developers and employees.
- Experience in the public sector, including projects in the BSI environment and critical infrastructures.
The result:
With this combination, mgm creates a comprehensive protection approach – from strategic planning to concrete implementation. Companies and administrations thus gain not only technological security, but also organisational resilience in the face of a threat situation that, according to the BSI, is becoming increasingly complex and dynamic.
Conclusion
The IT Status Report 2025 makes it clear: Germany is at the centre of global cyber attacks – and defence requires an integrated approach.
Together, we help companies and administrations to shape their digital future in a secure, resilient and capable manner.
Further information:
