• Criminals are using AI as a catalyst for ever-more-powerful cyberattacks on the economy: KÖTTER Security’s security conference highlights this new top threat
• Friedrich P. Kötter: “Corporate security must now, at the very latest, be a top priority” / 
Management faces significant liability risks in the event of breaches of duty, including under NIS2

Hybrid threats from physical and digital attacks are putting Germany under increasing pressure. Cyberattacks top the risk scale – and are being massively accelerated by the criminal use of Artificial Intelligence (AI). This is because AI creates new automated possibilities and thus acts as a catalyst for cybercrime, as demonstrated, among other things, by the drastic rise in phishing and ransomware attacks aimed at data theft and extortion. Around 170 experts discussed the implications for corporate security today at the STATE OF SECURITY conference organised by KÖTTER Security and German Business Protection in Berlin.

“AI is transforming the economy, society and security architectures at breakneck speed. It opens up enormous opportunities – yet at the same time, new risks, new dependencies and new responsibilities are emerging,” emphasised Friedrich P. Kötter, member of the Board of Directors of the KÖTTER Security Group, at the event at the Allianz Forum. “If the protection of our companies has not long been a strategic management task, it certainly is now – in the age of artificial intelligence.”

Reason: Companies today are no longer exposed solely to traditional IT attacks. Attacks are increasingly targeting networked infrastructures, hybrid working environments, industrial control systems and complex supply chains. At the same time, the boundaries between physical and digital crime are becoming increasingly blurred. “Corporate security today means taking a holistic view of risks. It is about resilience, prevention and the ability to be prepared for complex threat scenarios,” explained Friedrich P. Kötter. Corporate protection therefore requires a proactive strategy that encompasses not only infrastructure but also technical systems, data security, legal compliance, clear responsibilities and targeted staff training.

He therefore appealed to the sense of responsibility of every business leader: “Security must not only begin once an incident has occurred. It must be an integral part of corporate strategy. Those who protect buildings must also protect data. Those who secure IT systems must likewise integrate physical access points, processes and employees into the security strategy.” In this context, artificial intelligence offers a wide range of opportunities, for example in the form of AI-supported security systems that detect anomalies earlier, prioritise risks and significantly reduce response times.

At the same time, the family entrepreneur pointed out that corporate security, and cybersecurity in particular, must be a “top priority” for a second reason: New regulatory requirements, such as the EU NIS2 Directive (Network and Information Security Directive) – which will also apply in Germany from the end of 2025 – finally make the management and control of security and risk management a mandatory management task – including personal liability risks for directors in the event of breaches of the duty of care.

The subsequent presentations and discussions built on this. They focused, among other things, on the opportunities AI offers for increasing efficiency, process automation and risk detection – and the responsibilities that arise from this. “For example, new vulnerabilities and security risks arise when AI applications are rolled out under significant time pressure without sufficient consideration being given to protective mechanisms and operational resilience concepts from the outset,” warned Prof. Dr Dennis-Kenji Kipker, Research Director at the cyberintelligence institute. “In uncertain times, companies must therefore consider digital innovation and hybrid security as a unified whole.”

Consequently, regulatory requirements such as the EU AI Act or the NIS2 Directive are increasingly coming to the fore. “Companies face the challenge not only of deploying new technologies efficiently, but also of integrating transparency, security and compliance requirements into existing processes at an early stage,” said Dr Carolin Schilling-Schulz, lawyer and partner at Arnecke Sibeth Dabelstein. “It will be crucial to view regulatory requirements as a strategic component of sustainable corporate development.”

Speakers and panellists also included Prof. Dr Key Pousttchi (Founder / Institut für Digitale Transformation GmbH), Marvin Schulz (Member of the Bundestag / Committee on Digital Affairs and State Modernisation), Ralf Schneider (Head of AI Security & Security Consulting / Deutsche Telekom Security GmbH), Franziska Weindauer (Managing Director of TÜV AI. Lab, a joint venture of the TÜV companies Süd, Rheinland, Nord, Hessen and Thüringen) and Matt Kish (Head of Situation & Intelligence Analysis / Head of Data & AI Hub / Siemens AG Corporate Security). The session was moderated by Christine Kipke.