Trending Topics Cybersicherheit – January 2026

Cybersecurity is increasingly becoming a test of stability for the financial industry. While the Deutsche Bundesbank reports a constant barrage of billions of attacks per year, the Federal Financial Supervisory Authority (BaFin) once again lists cyber incidents as a key threat to the industry in its focus risks for 2026. Attacks via phishing, ransomware, and DDoS in particular endanger critical processes and core systems at financial institutions.

At the same time, analyses by the World Economic Forum show that many organizations lag significantly behind the actual threat situation in terms of investment, governance, and resilience measures—a gap that incidents such as the attack on the Institute of Public Auditors clearly highlight.

However, security managers at banks and insurance companies must not only address acute threat scenarios, but also factor in future attack vectors. The G7's new roadmap for post-quantum cryptography gives the financial sector a clear timeframe for when critical systems must be converted to quantum-secure procedures in order to protect confidential financial and customer data from future quantum attacks in the long term.

The top IT security topics in January:

Digital sovereignty: Government should secure control over key German companies

A recent survey by the digital association Bitkom shows that 79 percent of Germans want the government to intervene in the event of imminent takeovers of important companies by non-EU investors. Respondents are particularly critical of takeovers by investors from Russia (84 percent) and China (74 percent), while acceptance of investments from the US and Japan is significantly higher.

Bundesbank fends off 2.5 billion cyberattacks annually

The Deutsche Bundesbank registers over 5,000 cyberattacks per minute on its IT systems, which equates to approximately 2.5 billion attacks annually. Bundesbank President Joachim Nagel admits that despite comprehensive protective measures such as security-checked personnel and robust cyber defense, no absolute security promise can be given. However, in the event of a crisis, the supply of cash via the branch network throughout Germany is always guaranteed.

World Economic Forum warns: Cyber risks are growing faster than defenses can keep up

According to a recent study by the World Economic Forum (WEF), cyber attacks are becoming one of the biggest global business risks. The primary catalysts for the threat situation include geopolitical tensions and the use of AI. At the same time, many companies are still investing too little in their cybersecurity. They suffer from a shortage of skilled workers and underestimate the impact on supply chains and critical infrastructure. According to the WEF, there is a need for significantly more responsibility at the executive board level, international cooperation, and targeted investments in resilience and incident response.

BaFin risks in focus in 2026: Supervisory authority warns of cyber incidents and dependence on IT service providers

Cyber attacks on financial institutions are considered one of BaFin's key focus risks in 2026, particularly with regard to disruptions in payment transactions, core banking systems, or critical processes. Institutions are increasingly under attack from phishing, ransomware, and DDoS attacks. In addition, the supervisory authority sees considerable risks in the increasing concentration of outsourcing to individual IT and cloud service providers, as this can quickly lead to individual cyber incidents having systemic effects. Against this backdrop, the supervisory authority is calling for greater operational resilience, stricter management of outsourcing and ICT risks, and regularly tested emergency and recovery plans.

IDW gradually resumes operations after cyberattack

On January 10, the Institute of Public Auditors in Germany (IDW) was the target of a cyberattack that potentially compromised business and personal data and temporarily crippled key IT systems. Since mid-January, the systems have been cleaned, hardened, and restarted in several stages, while individual services remain restricted. At the same time, the IDW is keeping members and partners informed about the status of the recovery.

District hospital forced to temporarily close emergency room after cyberattack

Following an attack on the IT network of the Roth district hospital in Middle Franconia, the emergency room had to close temporarily, but can now be accessed again by the emergency services. In addition, the hospital has cut off its external internet connection as a precautionary measure. However, patient care remained unaffected. The Bavarian State Criminal Police Office and IT forensic experts are investigating the incident.

Nike investigates cyberattack – 1.4 terabytes of data published on the darknet

On January 22, 2026, the ransomware group WorldLeaks announced that it had captured 1.4 terabytes of Nike data comprising a total of 188,347 files from the period 2020 to 2026 and published it on the darknet after a deadline had expired. Nike confirmed that it was investigating a “potential security incident” and actively assessing the situation, but did not provide any information about ransom demands or the authenticity of the data.

European Space Agency ESA reports data theft

The European Space Agency (ESA) has confirmed a cyberattack on external servers in which around 200 GB of data is said to have been stolen. According to the attackers, this includes source code, tokens, access data, configuration files, and confidential documents. The ESA, however, emphasized that no critical operating systems for space missions were compromised.

G7 creates roadmap for quantum-secure cryptography in the financial sector

The G7 supervisory authorities are providing banks, insurers, and market infrastructures with a joint roadmap for the transition to post-quantum cryptography. The focus is on a phased, risk-based approach, from inventory and migration to ongoing testing. The aim is to protect critical systems against “harvest now, decrypt later” attacks in good time before powerful quantum computers become a reality.

Project Aegis: Lower Saxony introduces cyber shield

Due to increasing cyberattacks, the state government of Lower Saxony has invested around 30 million euros in a digital protective shield called Aegis. This is an AI-supported defense system from the US that independently recognizes attack patterns and learns from them. It is intended not only to improve the IT security of the state administration, but also to include local authorities and universities in the future.

EU revises Cybersecurity Act: more budget for ENISA, legally compliant certificates

The EU Commission has presented a comprehensive revision of the EU Cybersecurity Act to better address cyberattacks as a systemic risk. To this end, the European Cybersecurity Agency ENISA is to be expanded into an operational hub, with significantly higher budgets and new tasks such as central reporting platforms and shared situational awareness. In addition, cybersecurity certificates will serve as recognized proof that requirements such as those from the NIS 2 Directive or the Cyber Resilience Act are equally fulfilled.

For greater digital sovereignty: European vulnerability database launched

A free, publicly accessible vulnerability database from the GCVE initiative is now available at db.gcve.eu, which aims to reduce dependence on US databases and strengthen Europe's digital sovereignty. The platform currently bundles data from over 25 sources and follows a decentralized approach that, unlike the US CVE database, allows for the autonomous assignment and publication of vulnerability identifiers. An open API allows the EU database to be integrated into existing compliance and risk management tools.

Myra protects critical services with post-quantum cryptography

Quantum computers are evolving from a vision of the future into a real threat to common encryption methods, putting the foundations of today's IT security under increasing pressure. Myra therefore relies on quantum-secure technologies to effectively address current and future risks.

Bots – the drones of the internet

What is now visible through drones at airports and in crisis areas has long been commonplace in the digital space. Bots – the drones of the internet – have been attacking complex digital systems for years, bringing them to a standstill. Anyone who wants to effectively counter these swarms needs a protective infrastructure that makes visible what is flying, understands what is causing disruption, and acts before you yourself are hit.