Cybersecurity Year in Review 2024

2024 is drawing to a close - a year full of alarming figures and new findings in cybersecurity. Anyone who takes a look at the latest studies and reports, such as the Allianz Risk Barometer or the figures from Bitkom, quickly realises that the threat situation has never been so serious.

For the fourth time in a row, Bitkom puts the damage caused by cybercrime at over two billion euros. A figure that seems almost commonplace, although it should actually be shocking. The Allianz Risk Barometer confirms this trend: cyber attacks remain the biggest business risk worldwide. But as "normal" as these reports sound, the crucial question remains: How long can this go on?

The BSI's annual report on IT security in Germany is also worrying. The number of malware variants recognised every day continues to rise. For companies and IT security managers, this means an ever-growing challenge to keep pace and protect their own systems.

Ransomware and its consequences

Ransomware attacks were a topic that repeatedly made the headlines in 2024. There were also numerous cases this year that attracted a lot of attention. The attack on battery manufacturer Varta AG stood out in particular. Already struggling financially, the cyberattack hit the company particularly hard and had a significant impact on operations.

Another example was the case of Schumag AG. Here, the ransomware attack had far-reaching consequences and ultimately even contributed to the company having to file for insolvency. Although the cyberattack was not the sole trigger, it significantly exacerbated the existing economic situation. These cases show once again that the consequences of cybercrime go far beyond the initial attack and can destabilise companies in the long term.

Crowdstrike in focus: a wake-up call for manufacturers in terms of cybersecurity

Another topic that attracted a lot of media attention in 2024 was the Crowdstrike incident. A mistake that nobody really had on their radar led to the company's CEO having to make a statement to the US Homeland Security Committee. This incident caused a huge media wave and put security issues in the spotlight.

Has this incident led to greater awareness among manufacturers? It can be assumed that such events will trigger a rethink in the industry. On the other hand, the question arises as to whether this was not a serious but perhaps unavoidable mistake. It remains to be seen how such incidents will influence companies' security strategies in the future.

NIS2 is a long time coming

As far as "NIS2" is concerned, there has unfortunately not been too much movement this year. Although the implementation law has been packaged in a draft bill, it is now on the back burner due to the new elections in Germany. According to projections, it could be months before a final decision is made. It remains to be seen whether politicians will finally manage to follow up with action.

Nevertheless, those who are already dealing with the topic of NIS2 today are not doing anything wrong. Preparing for the requirements at an early stage and developing a roadmap is definitely the right way to go. And regardless of the law, the aim of every company should be to ensure that it is not hacked. Because ultimately, it's still about understanding and implementing the basics - that goes far beyond legal requirements.

The most important milestones of suresecure 2024

The year was characterised by a comprehensive transformation. We continued to expand our path as a service provider and further increased the maturity of our Security Operations Centre (SOC). Our partnership with Google has helped us to become even better in cloud security. We also founded suresecure Europe Ltd. in Malta and took the step to expand into Europe. The requirements of NIS2 in particular, which affect companies in Europe, have been a key driver of this development.

Our focus was not only on expanding the SOC, but also on strengthening cyber insurance as an important part of our security strategy. Another topic that is increasingly coming to the fore is OT (operational technology) security. Especially in Germany, where many large industrial companies are based, this area must not be neglected. We still see a considerable need to catch up in terms of security precautions, which we are actively addressing.

A look into the future

The challenges in the area of cybersecurity will certainly not diminish in 2025. Threats are becoming ever more sophisticated and companies will have to adapt to an increasingly complex security situation. Even if politicians may take their time, we should not wait for the state to take the helm. It is crucial that companies take responsibility themselves, undergo regular training and further education and develop a clear security strategy.

In our latest episode of Cybersecurity Basement in 2024, Michael and Andreas talk about these topics in detail. Listen in now!

Cybersecurity review of the year 2024