For three days, Nuremberg will once again become the centre of the international cyber security community. With its open forums, it-sa Expo&Congress 2025, Europe’s largest trade fair for IT security, offers a packed programme of presentations that equally highlights technological trends, strategic issues and practical use cases. More than 400 presentations in six specialist forums promise a varied programme that is accessible free of charge to all trade fair visitors – and will be made available AI-supported in two languages for the first time.
‘We look forward to seeing you again in Nuremberg from 7 to 9 October 2025!’ say the organisers, emphasising the role of the trade fair as a central platform for exchange and knowledge transfer.
AI as a driver and threat
Hardly any other topic shapes the forums as much as artificial intelligence. The discussions range from opportunities through automation to completely new forms of attack. In the session ‘Beyond Automation: The Human Advantage in AI Red Teaming’, HackerOne shows why, despite advancing automation, human expertise remains irreplaceable in security testing.
In ‘Agentic AI in Security’, Microsoft Germany addresses the question of how autonomous AI systems can relieve security teams and save valuable time. At the same time, providers such as MHP Management warn of the dangers: their session ‘Next-level cyber attacks through AI’ illustrates how attackers use generative AI to circumvent classic defence mechanisms.
AI is also becoming a challenge in the area of awareness. ‘Have you clicked today? How modern CISOs protect their mailboxes against AI attacks’ by cybovate shows that phishing has reached a new level in the age of deceptively real deepfakes.
Cloud security in the stress test
A second focus is clearly on cloud security – and thus on the question of how hybrid IT landscapes can be operated securely. Practical examples are provided by NSIDE Attack Logic with their live hack ‘From Azure to on-premises: How hackers use the cloud as a springboard’.
secunet Security Networks shows in ‘Cloud sovereignty without compromise’ how companies can use cloud services securely even when dealing with the strictest protection classes up to ‘VS-NfD/GEHEIM’ (restricted/secret). And Tenable explores how companies can systematically identify and remedy cyber risks with ‘Exposure Management’.
With a view to business continuity, Pointsharp presents how organisations can remain operational in the event of loss of access to Microsoft Entra ID – a scenario that is underestimated in many companies.
Cyber resilience and regulation: From NIS2 to DORA
In addition to technical challenges, visitors are also concerned about the growing density of regulations. Sessions on the European directives NIS-2, DORA and the Cyber Resilience Act are a recurring theme throughout the programme.
HiScout addresses the interconnection of information security and emergency management in ‘NIS-2 and DORA: How ISMS and BCM interact in an emergency’. INFODAS, on the other hand, provides an update on IT baseline protection with ‘Grundschutz++’, which is likely to have far-reaching consequences for companies.
One thing is clear: regulation is not only an obligation, but can also be a driver for innovation. In ‘The Double Shield: Mastering DORA & NIS2’, QCA Quantum Cyber Analytics shows how companies can build digital resilience through smart compliance management.
‘it-sa Expo&Congress has become Europe’s largest trade fair for IT security solutions – and highlights how important it is to give this topic its own annual platform.’ – With this assessment, the organisers make it clear that regulation and innovation go hand in hand in Nuremberg.
Understanding attacks, strengthening defences
Classic threat scenarios – from ransomware to supply chain attacks – are also high on the agenda. SySS GmbH highlights attack techniques on future technologies in ‘The Future of Hacking’. accompio GmbH provides concrete insights from forensics and threat intelligence with its latest ‘Ransomware Situation Report 2025’.
Sessions such as ‘We hack like Hollywood (would never do)’ by SEC Consult, which addresses myths surrounding spectacular hacker attacks, are particularly practical. DriveLock, on the other hand, uses its ‘HYPERSECURE Platform’ to show what maximum digital sovereignty can look like in everyday business life.
‘The trade fair is one of the world’s largest dialogue platforms for industry-specific IT security solutions. It brings experts together in Nuremberg and is also a trend barometer for the entire IT security market.’ This statement aptly describes the significance of it-sa: as a marketplace for innovations and a seismograph for developments in the cybersecurity market.
Community and practical relevance
In addition to the purely technical sessions, the open forums also focus on community formats. Women in IT security, CISO alliances and European initiatives such as the ECSO give the industry a face and create space for exchange. The BSI will also be there, discussing Germany’s role in the European cybersecurity architecture in several presentations – for example, in ‘Let’s build Cyber Nation Germany together!’.
Conclusion
The open forums at it-sa 2025 are more than just a supporting programme: they are both a showcase and a seismograph for developments in IT security. In compact sessions, visitors gain insights into cutting-edge technologies, as well as concrete recommendations for everyday use.
Whether you are a CISO, developer, auditor or security officer, the mix of live hacks, strategic insights and regulatory updates makes the forums a must-attend event. Visitors to the trade fair should take advantage of this opportunity to gain a competitive edge in terms of knowledge.
‘From 7 to 9 October 2025, international IT security experts and decision-makers will once again meet at the Nuremberg Exhibition Centre to discuss challenges and trends in cyber security.’ – With this outlook, the organisers invite you to participate in Europe’s largest industry gathering.
👉 All presentations are accessible free of charge, can be accessed on demand via it-sa 365 after the trade fair and are available in German and English.
