In Germany, the awareness of the necessity of effective cyber security solutions is on the rise. Both on the political as well as on the economic level. Every five years since 2011, the BMI (Ministry of the Interior) composes a Cyber Security strategy for Germany for the following five years. The strategy assesses the current status of cyber security in Germany and sets up a strategic frame for the government’s actions in the field.

In the context of the German National Cyber Strategy of 2021, the Minister of the Interior, Horst Seehofer, emphasized the necessity of sufficient cyber security solutions for the success of Digitalization. This includes not only well-equipped authorities, but also effective protection of critical infrastructure, commercial enterprises and private citizens.

To engage with these topics and to tackle the challenges that Germany is facing when it comes to cyber security, the BMI formed a ‘Quadriga’, which is made up of four experts, each representing one of the following parts of Society: Economy, State, Civil Society and Science.

On April 23rd 2021 the Quadriga of the National Pact for Cyber-security published a declaration of Cyber Security for the society as a whole1. The declaration was based on the ‘Online Compendium’ (See Sources to read full report and declaration), which had been published two months prior. The compendium identified ‘Fields of action’ which encompass for example:

  • ‘Technology’, which includes topics like the expansion of data centers and fostering of preventive technologies against cybercrime
  • ‘Application’, which includes topics like ‘e-government’ and secure digitalization in the public sector
  • ‘Layout’ which engages with topics like telecommunication, regulation and privacy

Based on the Compendium, the Quadriga’s declaration lists 13 fields of action in which cyber security has to be achieved or improved through collaboration between Science, Society, Economy and State. Among these fields are for example:

  • Cyber Security for the public – includes increasing the availability of technologies like encryption and automated software tests to foster individual cyber security
  • Cyber Security as crucial aspect of digitalization in the private and public sector

While all of these points are part of the national strategy, the focus differs depending on federal state and location. For example, does the federal state of Bremen focus on IT-security in the maritime industry, especially port-security and the federal state of Hessen on promotion and settlement of spin-offs from research projects on site.

The Quadriga emphasizes the necessity of accessible and reliable cyber protection for private households as well as companies and authorities. The declaration has identified the need for increased monetary and societal efforts to achieve these goals in the age of digitalization. This opens up opportunities for companies that offer solutions to these problems and fosters investment in the cyber sector.


An investigation by BITKOM (Association of Telecommunication, IT and New Media) in 2021, found out that the damages suffered by German companies through cybercrime are estimated to be in excess of 220 Billion Euros per year.

This does not only affect the companies but also their customers. For example: Recently hackers stole the data of millions of T-Mobile clients, which is the US subsidiary of Deutsche Telekom. Also, just this month hackers paralyzed the University of Leipzig, asking for ransom.

To prevent attacks like these, the security of IT infrastructure becomes a strategic economic factor for industry, economy and state. This has also been one of the key concerns in the Quadriga declaration. And therefore, as the damage to the German economy is increasing, so is companies’ spending on the protection of their IT infrastructure. Since 2017, investment in cyber security has almost doubled and is predicted to continue the steep increase.

This especially concerns operators of critical infrastructures. According to the IT-SiG 2.0 (IT-security law 2.0), which came into effect in May 2021, operators of critical infrastructure are compelled to engage with cyber security threats and scenarios.

Within one year, the concerned companies and authorities are obliged to protect against cyber-attacks, using Security Incident & Event Management Systems (SIEM). Thus, critical infrastructure in Germany has become an attractive target group for companies that offer SIEM solutions.

Not only has the German government made cyber security a key factor in their digital agenda, but also companies are increasing spending on cyber security solutions and are open for business and investment in the cyber sector. As the graph below shows, did spending on cyber security constantly increase during the past years. It is predicted to continue its growth.


If You have any questions about the German market or You wish to expand Your business to Germany, please contact the Economic and Trade Mission in Berlin.

We are happy to assist You and Your company!