26.05.2026

Cyber Resilience in Practice: How Businesses Can Respond to Faster Attacks and New Regulations

At the meeting of the Security Expert Group on 12 May 2026 in Cologne, the focus was on how businesses can strengthen their cyber resilience in the face of growing threats and new regulatory requirements.

The event “Cyber Resilience in Practice: Strategies for a Secure Digital Future” highlighted three key areas of action:

  • a changing threat landscape, in which stolen login credentials and AI-powered attack methods significantly reduce the necessary response time;
  • the practical implications of the Cyber Resilience Act, which makes cybersecurity mandatory throughout the entire product lifecycle;
  • concrete organisational and technical approaches for greater digital resilience – from security by design and reporting processes through to contingency planning and systematic

It became clear that cyber resilience is not merely a protective measure, but a lasting capability to detect attacks at an early stage, limit their impact, maintain business processes and quickly return to stable operations.

Cyber resilience: New attack patterns shorten the response time

Cyber resilience describes an organisation’s ability not only to prevent cyber attacks, but also to respond to them in a prepared, structured and effective manner. The threat landscape has changed significantly: stolen credentials traded on the dark web, infostealer malware and residential proxies increasingly enable attackers to gain access via seemingly legitimate identities and infrastructures that are difficult to trace. A particularly critical factor is that the time between successful infiltration and actual damage continues to shrink. This leaves companies with less leeway for detection, containment and response.

The consequences of cyberattacks now extend far beyond IT systems and can directly impact business processes, supply chains and security of supply. Artificial intelligence is also transforming cybersecurity: whilst it can strengthen defence, analysis and automation, it simultaneously increases the sophistication and speed of potential attacks.

This leads to a clear conclusion: cyber resilience requires more than formal compliance. Crucial factors include effective awareness-raising that addresses real attack patterns, consideration of additional entry points beyond email, technical protective measures, network segmentation, robust contingency planning and prepared communication channels.

Security updates: speed and control must go hand in hand

The necessary balance between the rapid deployment of security updates and compliance with regulatory and certification requirements was also discussed. The experts emphasised that, particularly in the field of cybersecurity, clinging too long to formal approval processes can cause significant risks if critical vulnerabilities are not addressed promptly.

From the experts’ perspective, a pragmatic and risk-based approach is therefore advisable: security-related patches and updates should, as a rule, be deployable at short notice to rapidly reduce attack surfaces. At the same time, appropriate organisational and technical measures must ensure that stability, traceability and compliance remain guaranteed. These include, in particular, comprehensive logging and monitoring, automated and manual testing, clearly defined approval processes for emergency changes, and reliable rollback mechanisms to enable a rapid return to a stable state in the event of an error.

The Cyber Resilience Act shifts security into the product lifecycle

The Cyber Resilience Act broadens the view of cyber resilience to include a product-related perspective. Cybersecurity is thus understood not only as a task for corporate IT, but as a responsibility spanning the entire lifecycle of digital products.

Products with digital elements must be developed, documented, monitored and maintained securely. This brings Security by Design, lifecycle management, vulnerability management, conformity assessment and reporting processes more into focus.

For companies, this means assessing at an early stage which products, components and product ranges are affected and what role they play within the supply chain – for example, as a manufacturer, importer, distributor or operator. Equally important is the preparation of robust processes for reporting obligations, deadlines, escalations and responsibilities.

Open practical questions include reporting across multiple sites, the use of a central reporting platform, the handling of product ranges, grandfathering for end-of-life products, responsibilities regarding imports, and the concrete implementation of Security by Design throughout the entire product lifecycle.

Helpful tools for this include a clear inventory, transparent interface overviews, an overview of cryptographic algorithms used, traceable technical documentation, and suitable tools for product, risk and vulnerability management.

CSAF and security.txt: Standards help classify vulnerabilities more quickly

CSAF and security.txt were highlighted as practical examples of how standardised procedures can support cyber resilience and regulatory requirements. Given the ever-growing number of CVE reports, many organisations face the challenge of an increasing information overload.

Not every vulnerability is relevant to every organisation, yet rapidly assessing which ones are is often hampered by the absence or incompleteness of robust asset, product and IoT management processes.

Against this backdrop, structured and machine-readable security information is becoming increasingly important. CSAF (Common Security Advisory Framework) enables the standardised delivery and automated processing of security advisories. This allows affected products, components and risks to be identified and assessed more quickly.
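As an added illustration of the automated processing described above (this is example code written for this summary, not material from the event or from the CSAF project), the following script reads a constructed CSAF 2.0 advisory and matches the products it marks as affected against a constructed local asset inventory keyed by CPE. The advisory, the inventory, the asset names and the CVE identifier are all placeholders; the JSON layout (product_tree with full_product_names and branches, vulnerabilities with product_status) follows the CSAF 2.0 structure.

```python
import json

# Constructed CSAF 2.0 advisory (not a real one; the CVE id is a placeholder):
# one product listed under full_product_names, one under a branches tree.
SAMPLE_CSAF = json.loads("""
{"document": {"title": "Constructed example advisory"},
 "product_tree": {
   "full_product_names": [
     {"product_id": "CSAFPID-0001", "name": "Example Router Firmware 1.2",
      "product_identification_helper": {"cpe": "cpe:2.3:o:example:router_fw:1.2:*:*:*:*:*:*:*"}}],
   "branches": [{"category": "vendor", "name": "Example Corp", "branches": [
     {"category": "product_version", "name": "1.3",
      "product": {"product_id": "CSAFPID-0002", "name": "Example Router Firmware 1.3",
       "product_identification_helper": {"cpe": "cpe:2.3:o:example:router_fw:1.3:*:*:*:*:*:*:*"}}}]}]},
 "vulnerabilities": [
   {"cve": "CVE-0000-0000",
    "product_status": {"known_affected": ["CSAFPID-0001"], "fixed": ["CSAFPID-0002"]}}]}
""")

# Constructed asset inventory: CPE of the deployed software -> asset names.
INVENTORY = {
    "cpe:2.3:o:example:router_fw:1.2:*:*:*:*:*:*:*": ["rtr-01", "rtr-02"],
    "cpe:2.3:o:example:router_fw:1.3:*:*:*:*:*:*:*": ["rtr-03"],
}

def collect_products(tree):
    """Map product_id -> product entry, from full_product_names and nested branches."""
    found = {p["product_id"]: p for p in tree.get("full_product_names", [])}
    def walk(node):
        for branch in node.get("branches", []):
            if "product" in branch:
                found[branch["product"]["product_id"]] = branch["product"]
            walk(branch)
    walk(tree)
    return found

def affected_assets(advisory, inventory):
    """(cve, product name, asset) for each deployed asset the advisory marks
    known_affected or under_investigation; fixed and not-affected are skipped."""
    products = collect_products(advisory["product_tree"])
    hits = []
    for vuln in advisory.get("vulnerabilities", []):
        status = vuln.get("product_status", {})
        for pid in status.get("known_affected", []) + status.get("under_investigation", []):
            product = products.get(pid, {})
            cpe = product.get("product_identification_helper", {}).get("cpe")
            for asset in inventory.get(cpe, []):
                hits.append((vuln.get("cve", "no CVE"), product.get("name"), asset))
    return hits
```

With the sample data, only the two routers still running firmware 1.2 are reported; the asset on the fixed version 1.3 is not, which is exactly the triage the text describes.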

In addition, the security.txt file defined in RFC 9116 creates a clearly defined and easily discoverable communication channel for security notifications and responsible disclosure processes. Vulnerabilities can thus be reported, assigned and processed more efficiently.
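To show what "clearly defined" means in practice, here is an added example (written for this summary, not taken from the event or from RFC 9116 itself) that parses a constructed security.txt and checks the RFC 9116 requirements an operator most often gets wrong: at least one Contact given as a URI, web contacts over https, exactly one unexpired Expires field, and Preferred-Languages at most once. The domain example.com and all contact values are constructed placeholders.

```python
from datetime import datetime

# Constructed security.txt as it would be served at /.well-known/security.txt
# (example.com is a reserved documentation domain, not a real contact).
SAMPLE_SECURITY_TXT = """\
# Constructed sample
Contact: mailto:security@example.com
Contact: https://example.com/security/report
Expires: 2027-01-31T23:59:00.000Z
Preferred-Languages: en, de
Canonical: https://example.com/.well-known/security.txt
"""

def parse_security_txt(text):
    """Field name (lower-cased) -> list of values; comments and blank lines skipped."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def check_security_txt(text, now_iso):
    """Return the RFC 9116 problems found (empty list = passes these checks).
    now_iso is an RFC 3339 timestamp such as "2026-05-26T00:00:00Z"."""
    fields = parse_security_txt(text)
    now = datetime.fromisoformat(now_iso.replace("Z", "+00:00"))
    problems = []
    contacts = fields.get("contact", [])
    if not contacts:
        problems.append("Contact is required and missing")
    for contact in contacts:
        if ":" not in contact:
            problems.append(f"Contact is not a URI: {contact}")
        elif contact.startswith("http://"):
            problems.append(f"web Contact must use https: {contact}")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append("Expires is required and must appear exactly once")
    else:
        try:
            if datetime.fromisoformat(expires[0].replace("Z", "+00:00")) <= now:
                problems.append("file has expired; update Expires")
        except ValueError:
            problems.append(f"Expires is not an RFC 3339 timestamp: {expires[0]}")
    if len(fields.get("preferred-languages", [])) > 1:
        problems.append("Preferred-Languages must not appear more than once")
    return problems
```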

Standards only take effect when embedded in existing processes

Particularly in the context of the requirements of the Cyber Resilience Act, such standards can help to simplify reporting channels, shorten response times and fulfil regulatory compliance obligations more efficiently.

However, the experts emphasised that the actual added value only arises through integration into existing security and operational processes. These include, in particular, inventory management, product responsibility, monitoring, communication channels, assessment, prioritisation and remediation of vulnerabilities.

Furthermore, standardised procedures improve collaboration between manufacturers, operators and security researchers and strengthen overall responsiveness to security incidents. They thus make an important contribution to the sustainable enhancement of the cyber resilience of organisations and digital infrastructures.

Conclusion: Cyber resilience must work in an emergency

The discussion made it clear that cyber resilience is not a single project, but a strategic framework for action for companies, manufacturers and operators of digital products. Technical protective measures, regulatory requirements and operational vulnerability management are closely interlinked.

Companies should now establish transparency regarding systems, products, interfaces and supply chains, clarify responsibilities and prepare their processes for emergency response, communication, reporting obligations and vulnerability management.

What is crucial is an approach that not only documents security but also delivers it in practice in an emergency: through rapid response, continuous monitoring, traceable documentation, clear responsibilities and robust fallback options. In this way, cybersecurity evolves from a compliance task into an essential component of digital resilience.

The presentation materials for the event are available via the members’ portal.
