Trending Topics Cybersecurity – March 2025

SECURITY INSIGHTS | March 01, 2025

Myra's monthly security highlights provide IT managers and security experts with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and reports on cyberattacks, attack campaigns and more are clearly presented here.

Trending Topics

The future of the EU-US Data Privacy Framework (DPF) is in jeopardy – posing a huge compliance risk for thousands of European companies that depend on legally compliant data exchange with the US. The laboriously negotiated data protection agreement has been severely jeopardized by Donald Trump's first official acts in January 2025. His administration demanded the resignation of the Democratic members of the Privacy and Civil Liberties Oversight Board (PCLOB), effectively incapacitating this central supervisory body. Without a functioning PCLOB, the DPF lacks a crucial pillar on which the EU Commission relied for its adequacy decision.

Trust in the US is crumbling

In addition, Trump issued an executive order ordering a review of all of his predecessor Biden's national security decisions – including those required for the DPF. In light of this, the Federation of German Industries (BDI) is already warning of “devastating consequences” should the agreement be overturned. Meanwhile, European data protection authorities, particularly in the Netherlands, Norway and Denmark, are sounding the alarm about the risks of storing sensitive data with US cloud providers.

The uncertainty does not only affect the technology industry. Research institutions, clinical study networks and hospital systems that depend on secure data exchange are also facing significant challenges. Experts such as Max Schrems are already advising companies to develop a “host in Europe” contingency plan. Tensions between the EU and US data protection philosophies are noticeably intensifying under Trump – with potentially far-reaching consequences for transatlantic economic relations.

The Top IT Security Topics in March

IT Security Trends

European data protection authorities warn against US clouds

More and more European countries, particularly the Netherlands, Norway and Denmark, are sounding the alarm about the risks associated with storing sensitive data with US cloud providers. They fear the loss of digital sovereignty and that strict data protection regulations could soon make such practices legally untenable in Europe.

German domestic intelligence agency warns NGOs of cyber attack risks

The German Federal Office for the Protection of the Constitution has warned several civil society organizations that they are increasingly the target of Russian cyber attacks. This warning underscores concerns about the security of these organizations in the context of growing geopolitical tensions.

Software vulnerabilities traded for millions

Security vulnerabilities that allow information to be tapped or systems to be infiltrated are in high demand. The Russian vulnerability dealer Operation Zero is charging 4 million US dollars for an unpatched vulnerability in the Telegram messenger program. Vulnerabilities in Signal, WhatsApp or iMessage are remunerated with up to 1.5 million US dollars. The company's customers include public authorities and private organizations in Russia.

Countering AI with expertise

A survey of experts conducted by the trade journal Computerwoche showed that attackers are currently benefiting from AI-supported solutions, while human expertise continues to dominate on the defenders' side – in contrast to cybercriminals, security officers have no leeway for errors and inaccuracies. Christof Klaus, Director Global Network Defense at Myra Security, explains: “When it comes to AI, companies have to identify and secure all possible attack vectors. Attackers, on the other hand, only have to find a single weak point.”

German economy on alert: Trump could overturn EU-US data protection agreement

The Federation of German Industries (BDI) warns of “devastating consequences” for companies and public authorities if US President Donald Trump were to revoke the EU-US Data Privacy Framework, which enables the legally secure exchange of data between the EU and the US. Both the BDI and the German Chamber of Industry and Commerce (DIHK) fear massive legal uncertainties and liability risks for companies of all sizes, while experts are already advising affected companies to prepare for this possible development with “exit strategies”.

Cybercrime

Switzerland: Cybercrime hits financial industry particularly hard

According to the 2024 police crime statistics, digital crimes in Switzerland have increased by 35 percent, with the misuse of online payment systems and identity theft standing out in particular, with an increase of over 100 percent. Cybereconomic crime has more than doubled since 2020 to 55,413 cases, while the clearance rate of just 14.2 percent is well below the average for other crimes.

Cyberattack on Polish space agency

The Polish space agency POLSA was the target of a cyberattack in early March, prompting it to disconnect its networks from the internet to prevent further damage. Who was behind the attack and whether data was leaked is still part of the ongoing investigation.

Study reveals deficiencies in municipal cybersecurity

Many municipalities are poorly prepared for cyber attacks, not only because of a lack of financial resources but above all because of a lack of awareness in the municipal political landscape. This is the result of a recent study by the cyberintelligence.institute. According to the study, the neglect of sustainability and resilience in digitization, as well as the lack of a unified cyber security strategy at the federal level, contribute to the endangering of municipal infrastructure.

400,000 euros in damages: cyber fraud in Dülmen

The city of Dülmen has announced that it has been the victim of cyber fraud in which around 400,000 euros for the purchase of fire engines were transferred to a fake account. Despite compliance with the four-eyes principle and several verification points, the fraudulent invoice, which was sent by email, was not recognized in time.

ECB increases focus on cybersecurity in the banking sector

The European Central Bank (ECB) plans to increase its scrutiny of how banks deal with cyber risks this year, as emphasized by ECB President Christine Lagarde in the banking supervisory authority's 2024 annual report. In view of increasing economic, geopolitical and climate-related risks, Claudia Buch, the ECB's chief banking supervisor, is calling on banks to adapt their risk management frameworks and prepare for negative scenarios.

Best Practice, Defense & Mitigation

New BSI security requirements for databases

The German Federal Office for Information Security (BSI) has published new IT security requirements for database systems that are designed to support IT administrators and decision-makers in selecting and securely implementing solutions. The key points focus, among other things, on central security aspects such as preset security, hardening and logging.

Research to protect against AI attacks in Dresden

Researchers at the Technical University of Dresden are investigating methods to improve cybersecurity against AI-driven attacks on the internet. The goal of this initiative is to develop effective protective measures to counter the increasing threats posed by artificial intelligence technologies.

BSI and Schwarz Digits are cooperating on sovereign cloud solutions

The German Federal Office for Information Security (BSI) has entered into a strategic partnership with German cloud provider STACKIT (Schwarz Digits) to jointly develop sovereign cloud solutions for the federal administration. As part of this collaboration, the BSI is conducting risk and threat analyses to determine technical and structural security requirements that will apply to all cloud providers, regardless of location.

Things to know

Trump's influence on data transfer to the USA

Companies that transfer data to the US face new legal challenges following Donald Trump's re-election, as he could reverse the EU-US Data Privacy Framework created under the previous Biden administration. The digital association Bitkom warns that European companies will face significant data protection risks and complicated processes when exchanging data with the US if this framework is repealed.

Myra WAF: Intuitive rule management thanks to a redesigned user interface

Myra's web application firewall (WAF) has received a comprehensive interface update. This makes creating and managing granular filter rules to defend against harmful HTTP/S traffic even more intuitive. Also new is the simplified Geo-IP blocking for targeted blocking of requests from certain countries.

Threat Assessment: Determine your individual cyber risk in just a few minutes

Cyber threats are constantly evolving – are you sufficiently protected? Our interactive threat assessment enables you to systematically evaluate the attack risk and protection level of your web resources and IT infrastructure. Assess your risk for common threats such as DDoS attacks, cross-site scripting, SQL injection, bot attacks and more, and get your personalized results and recommendations immediately.

About the author

Stefan Bordel

Senior Editor

Stefan Bordel has been working as an editor and technical writer at Myra Security since 2020. In this role, he is responsible for creating and maintaining website content, reports, whitepapers, social media content and documentation. This role allows him to bring his extensive experience in IT journalism and technical knowledge to an innovative cyber security company. Stefan previously worked at Ebner Verlag (formerly Neue Mediengesellschaft Ulm) for 7 years and joined the online editorial team at com! professional after working for Telecom Handel. He gained his first journalistic experience during various internships, including at the IT website Chip Online. As a passionate Linux user, he follows the IT scene closely, both privately and professionally.
