ONEKEY Report: German Industry Must Focus on Cyber Resilience in 2025 Amid Growing Vulnerabilities
February 06, 2025
News
Duesseldorf, Germany. The German Federal Office for Information Security (BSI) states that more than 2,000 software vulnerabilities surface monthly, with about 15 percent marked as "critical." “In view of this constant threat situation, German industry should further strengthen its cyber resilience in 2025," commented Jan Wendenburg, CEO of the Duesseldorf-based cybersecurity company ONEKEY. The “OT+IoT Cybersecurity Report 2024” from his company suggests that last year, the industry did not adequately address software security in networked devices, machines, and systems.
"The industry has a lot of catching up to do in this area in 2025 compared to last year," said Wendenburg. The report on security in operational technology (OT) and Internet of Things (IoT) devices is based on a survey of 300 industry executives (https://www.onekey.com/resource/ot-iot-cybersecurity-report-2024).
Research shows that 27 percent of companies are unaware of their cybersecurity budget situation, while only 33 percent consider their cyber resilience funding to be strong enough. During the survey ONEKEY sought to identify what measures companies are utilizing to assess their cyber resilience. The report shows that 36 percent administer threat assessments, 23 percent introduce penetration tests, 22 percent rely on active monitoring of networks, 15 percent prefer vulnerability assessments (multiple answers were allowed) and 19 percent enhance security through network segmentation for predictive safekeeping of the entire network.
The most common cybersecurity measure reported in the survey was legal rather than technical, with 38% of businesses requiring IT providers and suppliers to guarantee security in contracts. The efficacy of this strategy is doubtful, as past security breaches have also involved companies with “contractually assured security,” including Cloudflare, CrowdStrike, and Cisco. Just under a third of the companies questioned have methods in place to learn from security instances and execute essential upgrades.
"Pre-defined business processes that define how to deal with hacking attacks, both during and after an attack, should be part of every company's security repertoire," said Jan Wendenburg. He explained: "In view of the ongoing threat situation, every company management should be adequately prepared for the worst-case scenario."
34 percent of businesses make at least some attempts to enhance security after a hacking occurrence. The companies try to completely analyze and evaluate the security instance they have endured and obtain advances in terms of measures to ward off nefarious actors. On the other hand, the “OT+IoT Cybersecurity Report” finds that close to the same number of companies are vulnerable for cyber-attacks.
The majority remain uncertain about mitigating cyber-attacks on connected systems, with 16 percent lacking the necessary operational methods to learn from security breaches and reinforce defenses. "Business leaders should put cyber resilience at the top of their agenda for 2025," recommended Jan Wendenburg.
ONEKEY will be exhibit embedded world 2025 located at booth, Hall 5, booth 5-376.
For more information please, visit honekey.com/resource/embeddedworld2025.
Chad Cox. Production Editor, Embedded Computing Design, has responsibilities that include handling the news cycle, newsletters, social media, and advertising. Chad graduated from the University of Cincinnati with a B.A. in Cultural and Analytical Literature.
