Berlin, Germany – May 13, 2026 – The digital landscape in Germany faces an unprecedented level of threat, a reality starkly illuminated by the Federal Criminal Police Office’s (BKA) recently published Federal Cybercrime Situation Report 2025. This comprehensive assessment underscores a persistent and intensifying risk from cyberattacks, prompting immediate and urgent calls to action from industry bodies. The eco – Association of the Internet Industry e.V. – has voiced its profound concern, asserting that the report unequivocally confirms an already tense cyber threat environment, with Distributed Denial-of-Service (DDoS) attacks and the increasing professionalization of cybercriminal actors at the forefront of this escalating danger.

The findings presented in the BKA report, and subsequently echoed by eco, serve as a critical alarm bell for both the public and private sectors. With a significant surge in DDoS incidents and the sophisticated evolution of cybercriminal methodologies, the imperative for companies and public institutions to rigorously re-evaluate and fortify their cybersecurity postures has never been more critical. The digital integrity and operational continuity of Germany’s economy, state apparatus, and vital critical infrastructures hang in the balance, demanding a collective and decisive response.

The Alarming Surge in Cybercrime: A Chronological Perspective

The release of the Federal Cybercrime Situation Report 2025 in May 2026 offers a crucial snapshot of the escalating digital threats faced by Germany. This report is not an isolated incident but rather a continuation of a worrying trend observed over recent years, charting the evolution of cybercrime from isolated incidents to a highly organized, professionalized, and pervasive threat.

For over a decade, cybersecurity experts have tracked the transformation of cybercrime from the domain of individual hackers to sophisticated, enterprise-like operations. Initial attacks often focused on data theft or website defacement, but as the digital economy expanded, so too did the motivations and capabilities of cybercriminals. The mid-2010s saw the rise of ransomware, which quickly evolved from simple file encryption to sophisticated double-extortion schemes, targeting entire organizations. This period also witnessed the emergence of Ransomware-as-a-Service (RaaS) models, lowering the barrier to entry for aspiring criminals and democratizing access to powerful attack tools.

By the early 2020s, the concept of "professionalization" had fully permeated the cybercriminal underworld. This involved the establishment of hierarchical structures, specialized roles (e.g., initial access brokers, malware developers, negotiators, money launderers), and the use of dark web marketplaces for trading compromised credentials, exploits, and services. State-sponsored advanced persistent threat (APT) groups also intensified their activities, often blurring the lines between espionage, sabotage, and financially motivated crime, further complicating the threat landscape.

The 2025 report by the BKA thus reflects a culmination of these trends. It underscores that the threats observed are not merely sporadic acts of vandalism but rather systematic, often well-funded campaigns designed to inflict maximum disruption or financial gain. The sheer volume and increasing complexity of these attacks, particularly DDoS, indicate a significant leap in the operational capacity and strategic planning of threat actors. This historical context is vital for understanding why the 2025 findings are so concerning and why a robust, long-term strategy is indispensable for national digital security.

DDoS: The Weapon of Choice for Disruption and Extortion

Central to the BKA’s grim assessment is the alarming rise in Distributed Denial-of-Service (DDoS) attacks. These assaults, designed to overwhelm and incapacitate online services, have become a preferred tool for cybercriminals due to their relatively low cost of execution, ease of deployment, and high potential for impact. A DDoS attack floods a target server, service, or network with a deluge of internet traffic, effectively making it inaccessible to legitimate users. This can range from simple volumetric attacks that saturate bandwidth to more sophisticated application-layer attacks that target specific software vulnerabilities, all with the goal of service disruption.

According to the BKA’s 2025 report, the number of DDoS attacks surged by a staggering 25 percent, reaching over 36,700 reported cases. This represents a significant escalation, indicating that threat actors are increasingly leveraging these attacks for various strategic objectives. Max Röttgermann, the newly appointed Head of eco’s Security Competence Group and Senior Product Manager for IP Transit and DDoS Defense at Deutsche Telekom, articulated this concern vividly. "The numbers from the Federal Cybercrime Situation Report show that cyberattacks are a permanent risk for the economy, the state, and critical infrastructures," Röttgermann stated. "DDoS attacks, in particular, are repeatedly used strategically to deliberately disrupt systems, tie up security resources, or generate public attention."

The strategic applications of DDoS attacks are multifaceted. Beyond simple disruption, they can be employed as a smokescreen to mask more insidious activities, such as data exfiltration or the deployment of ransomware. They can also serve as a powerful tool for extortion, with attackers threatening to launch or continue attacks unless a ransom is paid. The public visibility of a successful DDoS attack can also be weaponized, causing reputational damage and eroding trust in the affected organization.

The BKA report specifically highlighted that authorities, administrative bodies, and companies within the transport and logistics sectors were disproportionately affected by these attacks. These sectors are prime targets for several reasons:

  • Criticality: Their operations are fundamental to societal functioning and economic stability, making their disruption highly impactful.
  • Public Trust: Attacks on government services or public transport erode public confidence and can cause widespread panic.
  • Supply Chain Vulnerability: Disruptions in transport and logistics can have cascading effects across entire supply chains, impacting industries far beyond the initial target.
  • Data Sensitivity: Public sector entities often hold vast amounts of sensitive personal data, making them attractive targets for combined DDoS and data theft operations.

The increasing frequency and sophistication of these attacks demand a comprehensive and multi-layered defense strategy, moving beyond traditional perimeter security to embrace proactive threat intelligence and rapid incident response capabilities.

A Call to Action: eco’s Stance and Expert Insights

The eco – Association of the Internet Industry e.V. – has consistently championed the cause of a secure digital environment, and the BKA’s 2025 report only solidified their existing concerns. The association views the report as an urgent confirmation of its own assessment regarding a persistently tense cyber threat landscape. For eco, the strong increase in DDoS attacks and the observable professionalization of cybercriminal actors unequivocally underscore the critical need for both private enterprises and public institutions to undertake a thorough and critical review of their existing cybersecurity measures.

Max Röttgermann, a leading voice in Germany’s cybersecurity community, further elaborated on the gravity of the situation. His observation that cyberattacks constitute a "permanent risk" for the economy, state, and critical infrastructures encapsulates the shift from viewing cyber incidents as isolated events to recognizing them as an enduring and evolving challenge. This perspective necessitates a fundamental change in how organizations approach security – moving from reactive damage control to proactive, continuous risk management.

Röttgermann’s emphasis on the strategic deployment of DDoS attacks – to disrupt systems, exhaust security resources, or manipulate public perception – highlights the evolving motivations behind these assaults. They are no longer merely acts of digital vandalism but integral components of complex, often financially motivated or politically driven campaigns.

As an influential industry association, eco’s role is not just to echo concerns but also to advocate for practical solutions and foster collaboration. The association actively works to:

  • Raise Awareness: Inform its members and the broader public about emerging threats and best practices.
  • Facilitate Dialogue: Bring together experts from industry, academia, and government to develop common strategies.
  • Influence Policy: Advocate for effective legislation and regulatory frameworks that support a secure digital infrastructure.
  • Provide Resources: Offer guidance, reports, and competence groups to help organizations improve their cyber resilience.

eco’s pronouncements are thus a significant call to action, urging organizations across Germany to move beyond basic compliance and embrace a holistic, adaptive approach to cybersecurity that acknowledges the persistent and professional nature of modern cyber threats.

The Gaps in Preparedness: Insights from the eco-IT-Security Survey 2026

While the BKA’s report provides a macro view of the threat landscape, eco’s own IT-Security Survey 2026 offers a sobering micro-level perspective on the preparedness of German organizations. Conducted among 100 IT security experts, the survey revealed significant shortcomings in cyber resilience, particularly concerning incident response planning.

The findings are stark:

  • Fully Tested Plans: A mere 17 percent of surveyed companies indicated they possessed fully tested Incident Response Plans (IRPs) for a comprehensive range of attack scenarios, including ransomware, supply chain disruptions, and DDoS attacks. This low figure suggests a critical lack of readiness for the multifaceted threats prevalent today.
  • Selected Scenarios: 41 percent of organizations had established IRPs for only selected scenarios. While a step above having no plan, this leaves them vulnerable to unexpected or novel attack vectors.
  • Basic Structures: 23 percent reported having only fundamental structures in place, implying rudimentary plans that might lack the detail or agility required for effective response.
  • No Emergency Plans: A worrying 11 percent admitted to having no emergency plans whatsoever, leaving them entirely exposed to the potentially devastating consequences of a successful cyberattack.

These statistics paint a concerning picture of organizational preparedness. Incident Response Plans are the bedrock of cyber resilience, outlining the procedures and responsibilities for detecting, containing, eradicating, and recovering from cyber incidents. Without well-defined and regularly tested IRPs, organizations face:

  • Extended Downtime: Protracted recovery periods, leading to significant operational and financial losses.
  • Increased Costs: Higher expenses for forensics, recovery, legal fees, and reputational damage control.
  • Data Loss or Corruption: Irreversible damage to critical data assets.
  • Reputational Damage: Erosion of customer and stakeholder trust, potentially leading to long-term business impact.
  • Regulatory Fines: Non-compliance with data protection regulations (e.g., GDPR) due to inadequate incident handling.

Max Röttgermann underscored this disparity between technical and organizational readiness. "Many companies are now investing in technical protective measures, but organizational preparation sometimes still lags behind," he noted. This highlights a common pitfall: focusing solely on acquiring advanced security tools without developing the accompanying processes, training, and human expertise required to effectively utilize them and respond to incidents.

Deficits in DDoS Defense and Incident Response

The speed and quality of response are particularly critical during DDoS attacks. "Especially with DDoS attacks, the speed and quality of the reaction determine whether services remain stable or whether there are significant outages," Röttgermann explained. A swift and coordinated response, often involving specialized DDoS mitigation services, can mean the difference between a minor disruption and a complete collapse of online services. Therefore, eco strongly advises companies to "regularly test their crisis and escalation processes and implement concrete protection measures." This includes conducting tabletop exercises, simulating various attack scenarios, and refining communication protocols to ensure a seamless and effective response when a real incident occurs.

The Dual-Edged Sword of Artificial Intelligence

The rapidly evolving landscape of cybersecurity is increasingly shaped by artificial intelligence (AI), presenting both unprecedented opportunities for defense and formidable new tools for attack. As the BKA report suggests and eco acknowledges, AI-based tools are enabling cyberattacks that are faster, more targeted, and significantly harder to detect.

On the offensive front, AI empowers cybercriminals in several critical ways:

  • Automated Reconnaissance: AI can rapidly analyze vast amounts of open-source intelligence (OSINT) to identify vulnerabilities, employee information, and network architectures, creating highly detailed attack profiles.
  • Polymorphic Malware: AI can generate malware that constantly changes its code and behavior, making it extremely difficult for traditional signature-based antivirus solutions to detect.
  • Advanced Social Engineering: AI-powered tools can craft highly convincing phishing emails, deepfake voice messages, or video calls tailored to specific targets, bypassing human scrutiny.
  • Zero-Day Exploitation: AI can analyze software code for previously unknown vulnerabilities, potentially accelerating the discovery and exploitation of zero-day flaws.
  • Adaptive Attack Campaigns: AI can dynamically adjust attack vectors and intensity based on real-time responses from defense systems, optimizing the chances of success.

This offensive capability creates an "AI arms race" in cybersecurity, compelling defenders to leverage AI just as effectively. On the defensive side, AI offers promising avenues for enhanced security:

  • Automated Threat Detection: AI algorithms can analyze network traffic, log data, and user behavior in real-time to identify anomalies and indicators of compromise that human analysts might miss.
  • Predictive Analytics: AI can learn from past attacks and threat intelligence to predict future attack patterns and proactively strengthen defenses.
  • Automated Response: AI can automate parts of the incident response process, such as isolating compromised systems, blocking malicious IP addresses, or deploying patches, significantly reducing response times.
  • Vulnerability Management: AI can scan code and systems for vulnerabilities, prioritize remediation efforts, and even suggest patches.
  • Security Orchestration, Automation, and Response (SOAR): AI-driven SOAR platforms integrate various security tools to automate workflows, streamline investigations, and improve overall operational efficiency.

However, the effective deployment of defensive AI requires significant investment in data infrastructure, skilled personnel, and a deep understanding of machine learning principles. For many organizations, particularly SMEs, harnessing the power of AI for defense remains a considerable challenge, potentially widening the gap between well-resourced attackers and under-resourced defenders. Therefore, eco advocates for strategic investment in AI capabilities for defense, alongside a cautious yet pragmatic approach to its integration into security architectures.

Shaping the Future: Policy, Regulation, and Support for SMEs

Recognizing the multifaceted nature of the cyber threat, eco strongly advocates for a robust and coherent policy framework. From the perspective of the internet industry, there is an undeniable need for "clear, traceable laws, regulations, and guidelines" that are not subject to political whims or short-term agendas. These legislative instruments must be consistently enforced by "neutral oversight bodies" such as an independent Federal Office for Information Security (BSI).

The demand for clear, independent regulations stems from several critical observations:

  • Consistency and Predictability: Businesses and public institutions require a stable regulatory environment to make long-term investments in cybersecurity. Frequent changes or politically motivated shifts create uncertainty and hinder effective planning.
  • Expertise and Trust: Independent oversight bodies staffed by technical experts are better positioned to understand the evolving threat landscape and implement effective, technologically sound measures, rather than politically expedient ones. This fosters greater trust in the regulatory framework.
  • Harmonization: Clear guidelines can help harmonize cybersecurity standards across different sectors and regions, reducing complexity and promoting a unified defense posture.
  • Enforcement: An independent body with adequate resources and authority is crucial for ensuring compliance and holding organizations accountable for their cybersecurity obligations.

A particular focus of eco’s advocacy is the provision of enhanced support for Small and Medium-sized Enterprises (SMEs). These businesses form the backbone of the German economy, yet they are often the most vulnerable links in the cybersecurity chain. SMEs typically face significant challenges in building robust security and crisis structures due to:

  • Limited Resources: They often lack the financial capital to invest in expensive security solutions or hire dedicated cybersecurity staff.
  • Lack of Specialized Expertise: Access to qualified cybersecurity professionals is a major hurdle, with many SMEs relying on general IT staff who may not have specialized security knowledge.
  • Perceived Lower Threat: SMEs sometimes mistakenly believe they are not attractive targets for cybercriminals, leading to complacency.
  • Supply Chain Vulnerabilities: As crucial components of larger supply chains, a successful attack on an SME can have cascading effects on larger enterprises and critical infrastructures.

To address these vulnerabilities, eco calls for more targeted support for SMEs to sustainably strengthen their digital resilience. This support could manifest in several ways:

  • Accessible Training and Education: Government-subsidized or free training programs on basic cybersecurity hygiene, incident response, and threat awareness.
  • Affordable Security Solutions: Initiatives to provide SMEs with access to cost-effective, enterprise-grade security tools and services, potentially through shared platforms or subsidies.
  • Information Sharing and Threat Intelligence: Mechanisms for SMEs to receive timely and actionable threat intelligence, tailored to their specific risks.
  • Consulting and Auditing Services: Subsidized access to cybersecurity consultants for risk assessments and the development of tailored security strategies.
  • Simplified Compliance Frameworks: Regulatory frameworks that are easier for SMEs to understand and implement, without compromising security standards.

By empowering SMEs, Germany can significantly bolster its overall national cyber resilience, protecting not just individual businesses but the entire digital ecosystem from the pervasive and professionalized threats outlined in the BKA’s 2025 report.

Broader Implications: Economic, Societal, and Geopolitical

The findings of the BKA’s Federal Cybercrime Situation Report 2025 and eco’s urgent response extend far beyond technical concerns, carrying profound implications across economic, societal, and even geopolitical spheres. A persistently high and escalating cyber threat level has the potential to reshape Germany’s future in fundamental ways.

Economic Implications:

  • Direct Financial Losses: Cybercrime costs the global economy trillions annually, and Germany is no exception. Losses stem from business interruption, data recovery, legal fees, reputational damage, and ransom payments. These direct costs drain capital that could otherwise be invested in innovation and growth.
  • Stifled Innovation and Competitiveness: Businesses, particularly those reliant on digital technologies, may become hesitant to adopt new innovations or expand their digital footprint if the perceived cybersecurity risks are too high. This can stifle economic growth and diminish Germany’s competitive edge in the global digital market.
  • Supply Chain Disruption: As evidenced by the impact on the transport and logistics sectors, cyberattacks can cripple supply chains, leading to manufacturing delays, product shortages, and increased costs for consumers.
  • Insurance Market Challenges: The escalating frequency and severity of cyber incidents are making cyber insurance increasingly expensive and difficult to obtain, leaving more businesses exposed.

Societal Implications:

  • Erosion of Trust: Repeated attacks on government services, critical infrastructure, or personal data erode public trust in institutions, digital services, and the internet itself. This can lead to decreased participation in online activities and skepticism towards digital transformation initiatives.
  • Disruption of Essential Services: Attacks on critical infrastructure (energy, water, healthcare, financial services) can have devastating real-world consequences, from power outages and medical service interruptions to financial instability, impacting the daily lives and well-being of citizens.
  • Privacy Concerns: The constant threat of data breaches forces individuals to live with heightened concerns about their personal data, impacting digital rights and freedoms.
  • Psychological Impact: Beyond the immediate disruption, cyberattacks can cause significant stress and anxiety for individuals and employees affected by data breaches or system outages.

Geopolitical Implications:

  • State-Sponsored Attacks: Many sophisticated cyber threats originate from state-sponsored actors, blurring the lines between cybercrime and statecraft. These attacks can be used for espionage, intellectual property theft, or to sow discord and destabilize rival nations.
  • Cyber Warfare: The escalating capabilities of threat actors, combined with the increasing reliance on digital systems, raise the specter of full-scale cyber warfare, where critical national infrastructure becomes a primary battleground.
  • International Cooperation: The transnational nature of cybercrime necessitates robust international cooperation. Germany, as a leading economy, plays a crucial role in fostering global agreements and shared intelligence frameworks to combat these threats effectively. However, differing national interests and legal frameworks can complicate these efforts.
  • Sovereignty and Digital Autonomy: Persistent cyber threats challenge national sovereignty in the digital realm, forcing nations to invest heavily in cyber defense capabilities and consider strategies for digital autonomy.

In essence, the BKA’s 2025 report is more than a technical document; it is a strategic warning. It underscores that cybersecurity is no longer merely an IT department concern but a fundamental issue of national security, economic prosperity, and societal stability. The implications demand a comprehensive, coordinated, and sustained effort from all stakeholders – government, industry, academia, and civil society – to build a truly resilient digital future.

Conclusion

The Federal Cybercrime Situation Report 2025, coupled with the insightful analysis by eco – Association of the Internet Industry, presents an unequivocal and urgent message: Germany’s digital infrastructure is under severe and escalating threat. The substantial increase in DDoS attacks and the relentless professionalization of cybercriminal enterprises are not merely statistics; they represent clear and present dangers to the nation’s economic stability, critical services, and public trust.

The eco-IT-Security Survey 2026 further exposes critical vulnerabilities in organizational preparedness, highlighting that while technical investments are growing, the crucial organizational and procedural aspects of incident response often lag behind. This gap between technological capability and human/process readiness is a significant Achilles’ heel in the face of increasingly sophisticated and adaptive attacks, particularly those now augmented by artificial intelligence.

Addressing this complex and dynamic threat requires a multi-faceted and concerted national effort. It demands not only continued investment in cutting-edge technological protection measures but, more importantly, a fundamental shift towards robust organizational processes, continuous training, and proactive policy-making. The call for clear, politically independent laws and regulations, enforced by neutral expert bodies like an empowered BSI, is crucial for establishing a stable and predictable security framework. Moreover, providing targeted support and resources to Small and Medium-sized Enterprises (SMEs) is paramount, as they often represent critical but vulnerable links in the national and international supply chains.

The implications of failing to adequately address these challenges are profound, extending from direct financial losses and stifled innovation to the erosion of public trust and potential geopolitical instability. Germany stands at a critical juncture where the resilience of its digital future hinges on the collective commitment and decisive actions taken today. By fostering collaboration between the public and private sectors, embracing continuous learning, and prioritizing comprehensive cyber resilience, Germany can navigate this turbulent digital landscape and safeguard its future in an increasingly interconnected world. The time for action is now.
