The decision to largely exempt IT security from the restrictive requirements of the debt brake is a decisive step that highlights the growing importance of cyber security. The frequent lip service paid to strengthening IT security thus falls short of the actual investment needs – a long overdue development in times of increasing cyber threats.
By no longer counting spending on IT security above the 1 per cent of gross domestic product threshold towards the debt brake, significantly more funds should be able to flow into critical areas such as the Federal Office for Information Security (BSI) in the future. This could not only help to improve the country’s defences against cyber attacks, but also increase its ability to respond to security-related incidents. The parallels to exceptions for the Bundeswehr, disaster and civil protection, and the intelligence services also underscore the fact that strategically relevant areas should take precedence over strict fiscal restrictions.
At the same time, this exception also raises questions: how will the additional financial resources be used in practice, and how can we be sure that the money will be invested efficiently and purposefully in the expansion of IT security infrastructures? It remains to be seen how detailed the further content design will be when the plans are discussed in parliament. Nevertheless, the agreement between the CDU/CSU, SPD and Greens – despite their different fiscal policy positions – signals a remarkable consensus when it comes to protection against digital threats.
Overall, the planned measure represents an important impetus that could help to better prepare Germany for the challenges of digital transformation and the associated security risks. At the same time, it shows that fiscal policy leeway is necessary to be able to react flexibly and appropriately to rapidly changing threat situations.