Cybercrime – Trend reversal: Are SMEs now in the hackers' crosshairs?
The IT threat landscape has always been an arms race. Anyone who has spent more than five minutes dealing with IT security knows this. It is the reason why threat intelligence products exist and why companies have to regularly introduce new tools and processes to avoid falling victim to cyberattacks.
This makes it all the more important to detect trends in the threat landscape at an early stage in order to minimize the risk to one’s own company.
One indicator of such a trend change can be found, for example, in the Cybersecurity and Resilience 2025 report published by Allianz Commercial a few weeks ago, which analyzes threats from the perspective of insurers.
The following statements from the report are particularly interesting:
- Damages and risks for companies arise in particular from operational failures and restrictions (so-called consequential damages), technical errors, and legal disputes involving data breaches. In contrast, the total damage caused by cyberattacks halved in the first six months of 2025. However, this mainly concerns large cyberattacks with damages exceeding EUR 1 million (typically targeting large/enterprise companies).
- While ransomware attacks remain the main driver of cyber insurance claims, according to the Verizon 2025 Data Breach Investigations Report and the Allianz Risk Barometer, small and medium-sized enterprises are increasingly becoming the focus of hacker groups.
- Service providers are a particularly popular target (18% of all cyber incidents) due to their high degree of connectivity to other companies.
- At the same time, supply chain attacks in general (including those on cloud providers and suppliers) have more than doubled compared to the previous year (from 6% to 15%).
The report thus reveals the first signs of a trend reversal. It is no longer just companies that are being targeted directly by groups, but also the adjacent IT ecosystem (i.e., service providers, suppliers, and partners). However, it is also apparent that the measures taken by large companies are having an effect, either preventing cyberattacks or reducing the extent of the damage.
In addition to the enterprise environment, however, it is now becoming apparent that small and medium-sized enterprises are increasingly becoming the focus of attention. Due to their low IT budgets and the associated lower investment, they are attractive targets for attack. The resulting lack of security measures not only makes these companies attractive targets, but sometimes also easy ones.
But what measures can small and medium-sized enterprises put in place to protect themselves if resources are minimal? Below, we have described a selection of measures that you can and should implement in these cases.
1. Knowledge of applicable requirements from legal texts and specifications
These requirements are found both in generally applicable texts, such as the upcoming NIS2 Implementation Act (NIS2UmsuCG), and in industry-specific regulations such as DORA, the TKG, or the EnWG.
Unfortunately, simply knowing these requirements is usually not enough. SMEs must also ensure that they are applied and established. This includes, for example:
- The implementation of risk management measures,
- The implementation of business continuity management systems (BCMS), or
- Compliance with cyber hygiene measures
In most cases, small and medium-sized enterprises cannot meet these requirements immediately and in full. It is therefore necessary to focus initially on the minimum requirements. It is not without reason that the NIS2UmsuCG requires "national and international standards" to be taken into account during implementation, drawing on ISO 27001, among other standards, which enables the continuous improvement of implemented measures. It is therefore necessary, especially when budgets are tight, to distinguish between mandatory, target, and optional requirements.
2. Securing the adjacent IT ecosystem
The report also shows that attacks and compromises do not necessarily occur directly, but sometimes via third parties. In many cases, service providers, suppliers, or even partners can suddenly become a threat. This may be because attackers use the credentials these third parties hold for their own attacks, or because service or supply failures lead to operational downtime.
In such cases, it can be essential to know your own supply chain, which service providers are used, and what risks their use may entail. The identification, assessment, and treatment of these risks are summarized under the term third-party risk management. The aim is to avoid negative effects caused by errors, failures, or violations by third parties.
Identifying risks, assessing them, and implementing risk management strategies is nothing new. However, more important than knowing all the risks is filtering out those that have a direct or indirect impact on ongoing operations, i.e., critical business processes. With the insights gained from this, it is then possible to set up a business continuity management system (BCMS) that ensures the functioning of critical business processes even in the event of third-party failure through restart and emergency plans.
However, it is not enough to anchor these management systems and plans in the organization and processes; much more important are the following:
- Regular training of employees on IT security aspects and their impact on everyday work, and
- Periodic simulations of emergencies and crises.
After all, if employees do not know how to recognize an attack or how to behave correctly in the event of one, even the best-documented plans are useless.
In addition to critical business processes, IT in its supporting function must be analyzed, evaluated, and hardened against cyberattacks. This means that cyber hygiene measures must be established, continuously reviewed, and optimized: network segmentation (separation of operational and office networks), backup management, patch management, authorization management (including multi-factor authentication or continuous authentication for communication and emergency communication systems, as well as password management), and the use of endpoint detection and response (EDR) to protect against ransomware, among other things.
However, hacker groups and other cybercriminals are not standing still either. Their attack strategies and methods are constantly changing. To stay informed and adapt your own security measures to these changes in a timely manner, cyber threat intelligence services, including exchanges with other experts, are essential for keeping an eye on the current threat situation.
At Complion, we are happy to support you with our expertise in designing and establishing essential cybersecurity measures in your company. We support you in securing your IT ecosystem and provide you with up-to-date threat intelligence insights, inform you about risk management and BCMS concepts without obligation, and support you in training your team.
Our many years of practical experience in this area have helped numerous customers to protect themselves. We have already impressed everyone from large enterprises to smaller institutions.
Our practical experience and close cooperation with authorities and partners in the field of cybersecurity make us the right partner for you when it comes to third-party risk management in PRACTICE.
Feel free to contact us through mail@complion.de.