Cybersecurity - "hackers not black swans"

Around, 1,100 delegates, 75 exhibitors and startups came together in mid-May in the Schuppen 52 building to discuss all the latest trends, technologies and best practices in cybersecurity. Containers that were being loaded nearby provided a fitting setting, as attacks on the Port of Hamburg alone have increased more than a hundredfold since the start of the war in Ukraine, reports said. However, attacks on critical infrastructure do not catch those responsible by surprise. Sumeet Kukar, a cyber security expert from Australia, used a world map to outline the different nations' perspectives.

Germany, for instance, focuses mainly on protecting the government, ministries and authorities, while Benelux countries concentrate more on hackers' tactics and how they gain access to data and systems. The United States, on the other hand, focuses on data in its entirety. "Critical data is generally given special protection. However, the U.S. is increasingly recognising the importance of 'junk data', i.e., supposedly irrelevant data," said Kukar. By analysing the decision-makers' culinary preferences or politicians' movements, hackers can detect vulnerabilities. Weakspots give insight into corporate developments especially important macro-economic issues.

But how far should companies go when investing in cyber resilience? Jascha Wachsmuth-Temme, IT Security Manager at MBition, a subsidiary of Mercedes Benz, recommends assessing  the probability of risk. In this context, distinguishing between a white swan, a grey rhino and a black swan is helpful. "The white swan is a risk that is easy to plan for," he pointed out, citing Microsoft's Patch Tuesday, when it publishes security updates, as an example. Then vulnerabilities in need of protection are usually revealed.  Companies that use Microsoft should definitely be prepared for this, as hackers are.

The grey rhinoceros, on the other hand, stands for awareness of a threat that is ignored even though it poses considerable risks. Wachsmuth-Temme cites the Equifax scandal in 2017 as an example. The U.S. financial services provider was accused of having enabled a cyber attack that exposed the personal data of 147 million people through a lack of security. "That data breach has led to a class action lawsuit against Equifax." Up to USD 700 million dollars or EUR 624 million have allegedly been paid to help people affected by the breach. 

Lastly, the black swan stands for an unexpected and unpredictable risk, such as the huge economic impact of COVID-19. "A company must be extremely flexible to prepare for a black swan as the ability to react swiftly is crucial."

Nowadays, it is hard to imagine a world without artificial intelligence as an assistant. However, generative AI is becoming an accomplice in cyberattacks, according to Martin Brünn, founder of the Hamburg-based Advanced Systemhaus GmbH, which specialises in security solutions for businesses. "I know of around ten AI systems that were built solely to support attackers." Companies must respond to this new quality of AI-supported hackers, he stressed. The quality of deep fakes is improving all the time, making it increasingly difficult to distinguish genuine colleagues from software copies during video calls. Experts now recommend agreeing on a code word for when the supposed boss orders a bank transfer. Sam Altman, founder of Open AI, goes a step further and wants to use  ID scans to unmask fake employees.

The human factor is crucial for cybersecurity. The shortage of IT specialists is exacerbating the situation with around 663,000 unfilled IT positions expected in 2040, according to Bitkom estimates. Women are severely underrepresented when it comes to filling positions. This was evident at the Cybersecurity Summit 2025 where men were in the majority. Two men took part in the "Women in Cybersecurity" panel while the front rows of the main stage were full of female delegates. Women are perfect ambassadors because the term "IT" alone can be a deterrent. Yet, developing and establishing cybersecurity structures remains a cross-sectional task that requires expertise and communication skills. Purely technical aspects, such as coding, are increasingly being taken over by AI. "We need more diversity in cybersecurity, and in many cases, we need more women."
ys/pb