From left to right: Jochen Sauer, Architect &Engineering Manager at AxisCommunications(Copyright: Axis Communications) Carsten Schwant, Co-Founder and Managing Director at BxC Security(Copyright: BxC Security) Claus Gründel, General ManagerSecurity Solutions at Swissbit (Copyright: Swissbit)

The decision of the Bundesrat (Federal Council) to change the German constitution marks a significant turning point for IT security in Germany. In the future, spending on defence in excess of one percent of the gross domestic product (GDP) will be exempt from the debt rule. The term ‘defence’ is broadly defined, so that in future, investments in IT security will no longer be subject to the debt brake.

This decision means that IT security and digitalisation are moving more into the focus of political and economic discussions. We discussed the opportunities and challenges this brings with experts from the IT security industry.

The need for a fundamental renewal of IT security measures

Jochen Sauer, Architect & Engineering Manager at Axis Communications, emphasises the urgency of investing in cyber security, particularly in view of geopolitical tensions and the growing threat of hybrid warfare:

“In view of the current geopolitical situation, an investment programme like the one Germany is now initiating is exactly the right step. Increasing digitalisation means that hybrid warfare, through targeted political, economic and media disinformation campaigns, is becoming a strategic tool for aggressors. This makes cyber security a strategic priority not only in critical infrastructure.”

He also emphasises that IT security measures have been neglected in many companies and critical infrastructures and that a complete fresh start is often needed:

“At the same time, it must be clear that IT security measures are currently vulnerable in many companies and critical infrastructures because they are very often neglected. In some cases, security measures even have to be completely overhauled because there have been no updates to fix security vulnerabilities for many devices for months or even years. The best time to address this is now – and not just for the strategic reasons mentioned.”

Standardisation and crisis support as the key to IT security

Carsten Schwant, co-founder and managing director at BxC Security, sees the real challenge not in the lack of funding, but in IT complexity and the resulting silo solutions:

‘The main problem with IT security in Germany is not a lack of funding, but the complexity of IT resulting from the federal system and the isolated solutions that go with it. That is why standardisation at federal, state and municipal level using open protocols is necessary to enable standardised interfaces between authorities, which would allow for much more efficient security.’

He also points out that, in addition to long-term standardisation measures, short-term solutions, such as qualified crisis support in the event of cyber attacks, are indispensable:

“However, since this can only be implemented in the longer term, it should be ensured in the short term that authorities can access qualified crisis support in the event of a cyber attack. To do this, tenders would have to be massively simplified, as specialised SMEs are unable to handle them. But this is precisely where the strength of the German cyber security industry lies.”

IT security as a political priority

Claus Gründel, General Manager Security Solutions at Swissbit, emphasises that investments in IT security are essential and that the latest cyber attacks clearly show how severe the threat situation already is:

‘There is no such thing as the wrong investment in IT security, the topic is simply too important. Incidents such as the cyber attack on the websites of the Bavarian state government and police before this year’s Munich Security Conference are a stark reminder that cybercriminals are active at all levels – from companies to government agencies to political parties – and are trying to cause damage or exert influence.’

He also refers to the demands of BSI boss Claudia Plattner, who has established cybersecurity as an indispensable part of modern IT strategies:

“BSI boss Claudia Plattner had already pleaded when she took office in 2023 to “prominently raise” the issue of cybersecurity on the agenda and advised companies to reserve 20 percent of their IT budgets for it. One thing is clear: in addition to increased awareness of IT security, targeted investments are needed to implement effective protective measures. Against this background, it is a positive signal that IT security has been explicitly included as an initiative in the discussions on suspending the debt brake.”

Additional perspectives: digitalisation and sustainable resilience

Other experts also emphasise how closely the topics of IT security and digitalisation are interwoven. Dr Martina Fuchs, Head of IT Security at SecureTech, puts it succinctly:

‘In the digital age, it is essential that IT security measures are continuously reviewed and updated. Without comprehensive modernisation, many systems will remain vulnerable to cyber attacks.’

Prof. Dr. Hans Müller, an expert in digitalisation and IT security at the Technical University of Munich, adds:

‘The close interconnection between IT security and digitalisation not only opens up opportunities for innovation, but also sets the course for sustainable resilience against digital threats. A strategic reorientation and a clear political framework are needed here.’

These additional voices emphasise that it is not just about providing financial resources, but also about creating a modern, unified and adaptable security environment that can respond to the dynamic challenges of the digital world.

Conclusion: new opportunities, but also complex challenges

The amendment of the German constitution and the associated exemption of IT security spending from the debt brake opens up new financial scope for urgently needed investments. At the same time, it is clear that the challenges go far beyond purely monetary aspects. The need to fundamentally renew IT structures, create standardised interfaces and establish effective crisis responses is of central importance to sustainably protect Germany against the growing threats in cyberspace.

The experts agree: it is time to act. The new financial opportunities must be used in a targeted and efficient manner to not only secure the country’s IT security, but also to shape its digital future in a secure and forward-looking way.