Cybersecurity remains a fast-moving field as we enter the new year. Evolving threats, growing complexity and increasing regulatory requirements continue to shape the landscape. Looking back at the past year also raises an important question: What lessons should organizations take into 2026?

Today we’re speaking with Florian Walther, Head of Defensive Security.


2025 has already come to an end. Looking back, what were the biggest cybersecurity challenges organizations faced over the past year?

Florian Walther: From my perspective, 2025 was dominated by the persistently high number of ransomware attacks. These incidents placed enormous operational and organizational pressure on affected companies.

At the same time, supply chain attacks became even more significant, with attackers increasingly targeting service providers and trusted partners as their initial point of compromise.

We also saw a noticeable increase in AI-enhanced phishing and social engineering attacks. These campaigns have become significantly more sophisticated and much harder to detect.

In parallel, many organizations continued expanding their already complex IT environments, further increasing their attack surface. At the same time, companies had to adapt to new regulatory requirements such as NIS2 and the Cyber Resilience Act.


We’re now entering 2026. Which cyber threats do you consider particularly significant this year?

Florian Walther: One of the major topics in 2026 will be post-quantum cryptography. This is a critical year in which organizations should begin migrating towards quantum-resistant cryptographic algorithms in order to protect information that needs to remain secure over the long term.

At the same time, we can expect further advances in AI-driven and highly automated cyberattacks. Keeping pace with these developments will become increasingly challenging for defenders.

Another growing risk is the gradual loss of control over an organization’s own data, applications and business processes. As more services move to external providers and cloud platforms, companies inevitably relinquish part of that direct control.

We’re also seeing AI agents taking on increasingly complex tasks within organizations. These agents require privileged access to systems and data, making them attractive targets for attackers. In the future, adversaries may attempt to manipulate not only people, but AI agents as well, in order to obtain sensitive information or credentials.


Which regulatory developments should organizations prepare for, and what practical steps would you recommend?

Florian Walther: In preparation for NIS2, organizations should focus on the following priorities:

  1. Conduct an applicability assessment.
  2. Perform a gap analysis.
  3. Establish incident reporting obligations and incident response processes, including regular testing.
  4. Review and audit existing contracts with service providers.

The Cyber Resilience Act (CRA) introduces several additional requirements, including:

  1. Establishing a structured vulnerability management process.
  2. Defining clear reporting procedures.
  3. Creating and maintaining a Software Bill of Materials (SBOM).

Within the scope of DORA, organizations should primarily focus on:

  1. Improving and regularly testing their operational resilience.
  2. Auditing contracts with third-party service providers.

Artificial Intelligence has also become increasingly important within our own organization. Is there a useful AI trick or practical use case you’d like to share?

Florian Walther: I don’t really have a specific AI hack for business use.

Personally, however, I find it incredibly useful that AI can generate highly targeted exercises and practice tests for my children—for example when they’re preparing for school exams.

“Create an interactive mathematics test for a 6th-grade secondary school student in North Rhine-Westphalia on multiplying decimal numbers.”


Organized cybercrime groups received significant media attention this year, and we ourselves were involved in responding to incidents caused by several of them. What role will groups such as NoName or Qilin play in 2026?

Florian Walther: Ransomware groups such as Qilin and AKIRA were already highly active throughout 2025. In my opinion, that trend will continue into 2026 as these groups become even more professional and organized. As a result, detecting and responding to their attacks will only become more difficult.

In the area of politically motivated attacks, we’re also seeing a continued shift towards proxy actors, making it increasingly difficult to distinguish these operations from traditional Advanced Persistent Threats (APTs).


What advice would you give organizations to help them prepare for 2026?

Florian Walther:

  1. MFA everywhere.
  2. Maintain isolated backups—and regularly test your recovery procedures.
  3. Complete your NIS2 compliance initiatives.
  4. Train executive management on cybersecurity responsibilities and liability.

From the perspective of Defensive Security, what do you hope to see in 2026?

Florian Walther:

  1. MFA everywhere.
  2. Maintain isolated backups—and regularly test your recovery procedures.
  3. Complete your NIS2 compliance initiatives.
  4. Train executive management on cybersecurity responsibilities and liability.