In view of the growing threat posed by ransomware, eco – Association of the Internet Industry is calling for the consistent implementation of ‘security by design’ and a significant rethink of cyber resilience in companies. Although investigative authorities are doing valuable work in investigating cyber attacks, private sector players are also called upon to fulfil their responsibilities – not least in order to protect their customers and business partners.
The German Federal Criminal Police Office (BKA) report on the cybercrime situation in Germany in 2024 shows that cyberattacks are continuing to increase, with ransomware as the dominant threat. More than 130,000 criminal offences were recorded, with around 200,000 offences committed abroad. At 32 per cent, the clearance rate remains alarmingly low. At the same time, the Allianz Risk Barometer 2024 warns that cyber incidents are the biggest business risk worldwide – especially from ransomware. These figures show that without preventive measures and robust security concepts, insurance protection is not enough.
Prof. Norbert Pohlmann, eco Board Member for IT Security, comments:
‘Ransomware is no longer a marginal phenomenon – it is a structural risk for the economy, society and the state. Companies must not only react to incidents, but also proactively establish security architectures. Security by design is the key here – and the Cyber Resilience Act makes it clear that this will no longer be optional in the future.’
Ransomware is becoming more sophisticated – AI as a catalyst
Ransomware attacks not only lead to the encryption of sensitive data, but increasingly also to the failure of production systems or critical infrastructure. Data theft and the targeted publication of confidential company data are increasingly becoming part of the blackmail strategy. Criminal actors are also increasingly relying on artificial intelligence to automate attack techniques and exploit vulnerabilities in a targeted manner. German industry in particular is increasingly becoming a target – often with significant economic consequences.
Event: Understanding ransomware – strengthening resilience
How is ransomware developed? What role does AI play in modern attacks? And how can SMEs in particular protect themselves effectively?
To shed light on these questions, eco Association of the Internet Industry, together with Wirtschaftsförderung Rhein-Erft GmbH and Kreissparkasse Cologne, is hosting the (German-language) event ‘Ransomware – Current Threats, Effective Protection Strategies’ on 2 July 2025.
For greater protection, eco also calls for:
- Security by design as a regulatory and technical standard
Security mechanisms must be integrated into the development of digital systems from the outset – as the basis for effective cyber resilience and compliance with the Cyber Resilience Act (CRA). - Greater investment in prevention and training
Companies should identify vulnerabilities at an early stage, raise awareness among employees and design secure internal processes. - Expanding cooperation between government and industry
Only through coordinated action and the exchange of information can the threat posed by ransomware be effectively contained. - Strengthen responsibility in the private sector
Responsibility for digital security does not lie solely with law enforcement agencies – companies also have an active responsibility to protect their systems and customer data.
eco is actively supporting the implementation of the Cyber Resilience Act and providing companies with expertise, guidelines and industry initiatives – for a resilient digital Germany.
