The BSI has granted non-compliant companies until 31 July 2026 as a final deadline for NIS2 registration, signaling an end to previous non-enforcement.
One in six breaches involves third parties, and even rapid patches fail to prevent most incidents—therefore incident exercises must prioritize operational resilience and third-party scenarios.
Cyber resilience is becoming a strategic business question, requiring CISOs to assume business responsibility and integrate regulatory requirements into governance processes.
Schleswig-Holstein and the BSI are expanding their cybersecurity partnership to defend against DDoS and ransomware attacks; since 2022, 123 such incidents have been registered, predominantly from politically motivated and Russia-affiliated groups.
A well-thought-out forensic readiness strategy with logging infrastructure, an inventory of all network assets, and a predefined crisis team shortens downtime and preserves evidence so that it holds up legally.
Germany’s NIS2 law becomes mandatory in December and obligates approximately 29,500 companies to implement standardized information security management, risk governance, and incident reporting.