Security
Security is a key priority for eco. As a cross-cutting issue, it permeates all areas of application and levels of the Internet. In addition to a wide range of initiatives and services, a dedicated Competence Group addresses current security issues from the industry’s perspective. Complementing this, the Anti-Abuse Competence Group promotes internal exchange among members on current abuse-related topics, thereby strengthening collective expertise.
IT Security Survey
Once a year, eco surveys IT security experts as part of the “IT Security” survey to gather their assessments of the current threat landscape, their evaluation of key security issues, and their views on relevant developments and trends. The topics covered range from the general and individual threat landscape, through organisational and technical measures, to forward-looking industry trends.
On 27 October, eco published the results of the eco IT Security Survey 2025: How AI is Becoming the New Shield. The threat situation continues to be assessed as very high. At the same time, companies are acting increasingly strategically and with foresight. AI is establishing itself as a central element of modern security architectures: it enables early identification of attacks, faster detection of complex patterns in large volumes of data, and sustainable strengthening of cyber resilience. In this way, AI is increasingly becoming a protective measure in a dynamic and highly complex threat landscape.
The Future of Cybersecurity
The rapid development of digital technologies and the increasing interconnectedness of all areas of life present companies with a multitude of complex challenges. In the face of threats such as cyberattacks, data misuse and the manipulation of information systems, it’s becoming increasingly important to develop new strategies and solutions for protection.
In a world where artificial intelligence, the Internet of Things and quantum computing are gaining in importance, new opportunities are opening up, but so are new risks. At the meeting of the Security Competence Group on 11 March, experts discussed key future topics in cybersecurity and analysed how innovative approaches can be used to make the digital world safer.
OT Security
At the event “Security meets Operational Technology” on 13 May, experts discussed the increasing convergence of IT and OT and the resulting security risks for companies. Modern production facilities, sensors and control systems are now highly connected and therefore more vulnerable to cyberattacks, which is why OT security must be given greater priority. During the event, it was emphasised that companies should implement measures on three levels: cultural, technical and organisational.
At the cultural level, the aim is to view OT more strongly as part of the IT security strategy and to systematically record all OT devices in use. Technically, companies should, among other things, segment networks, reduce unnecessary access points and implement basic security measures such as VPNs or monitoring. Organisationally, it was emphasised that IT and OT teams must work more closely together and define clear responsibilities to ensure a holistic security strategy.
Disinformation Security
In times of increasing connectivity and global crises, disinformation – for example in the form of deepfakes, artificially generated profiles and targeted online campaigns – is becoming increasingly relevant in political and societal terms. It influences public discourse, undermines trust in the media and poses a serious challenge to democratic processes.
During the meeting of the Security Competence Group on 24 June, this topic was therefore examined from a cybersecurity perspective. The focus was on the question of what impact targeted disinformation has on our society, political stability and trust in digital media – and to what extent IT security technologies can help counteract such developments.
In addition to providing in-depth technical insights, the event offered members of eco and EuroCloud the opportunity to discuss technical, legal and ethical aspects through joint dialogue.
Quantum Cryptography
As part of Global Encryption Day 2025 on 21 October, the Security Competence Group hosted the webinar “Quantum cryptography – the future of secure communication”, during which experts discussed the impact of quantum computers on today’s encryption systems. The focus was on the growing power of quantum computers, which could in future break common asymmetric encryption methods such as the RSA cryptosystem – a scenario often referred to as Q-Day. Against this backdrop, speakers emphasised that companies and public institutions should develop strategies for quantum-secure communication at an early stage, as the migration to new methods could take several years. Two technological approaches were discussed in particular: post-quantum cryptography, which is based on new mathematical methods, and quantum key distribution, which utilises the physical properties of quantum mechanics for secure key transmission.
In addition, challenges relating to standardisation, certification and integration into existing IT infrastructures were addressed. The webinar made it clear that quantum-secure communication already plays a strategic role in IT security and digital sovereignty today.
Digital Identities
The meeting of the Security Competence Group on 18 November focused entirely on modern identity infrastructures. The discussion focused on the central role that digital identities play in ensuring secure access to systems, data and digital services within interconnected IT landscapes. Alongside technological fundamentals, practical use cases were also presented – for example, in connection with identity management, role-based access systems and new approaches such as the EUDI Wallet.
Another key focus was on how companies can meet both security requirements and regulatory mandates through interoperable and cryptographically secured identity solutions. The speakers also highlighted the importance of topics such as crypto-agility, certificate management and automated identity processes for resilient IT infrastructures. The event thus offered participants both technical insights and a forum for discussing the challenges and prospects of secure digital identities in business and public administration.
Cyber resilience
At the webinar “Security Operations Centre 2.0 – Resilience as a Strategic Success Factor in Cybersecurity” on 25 November, experts discussed the future role of modern Security Operations Centres (SOCs) in an increasingly complex threat landscape. The focus was on how companies can further develop their security structures in the face of rising cyber risks and new regulatory requirements – particularly those arising from the NIS2 Directive.
A key conclusion of the event was that a next-generation SOC must no longer be focused solely on responding to security incidents, but must actively contribute to strengthening cyber resilience. This includes, among other things, greater strategic integration of security processes, continuous risk analysis and better integration of technical and organisational measures.
ISD 2025
The Internet Security Days (ISD) 2025 once again brought together experts from business, academia, politics and public administration at Cologne’s RheinEnergieSTADION on 15 and 16 September to discuss current cyber threats, new technologies and the political framework. A key topic was email security as part of the “Year of Email Security” proclaimed by the Federal Office for Information Security (BSI), supplemented by workshops, presentations and discussions on the practical implementation of relevant security standards.
Other key areas of focus included the security of digital infrastructures as the foundation for digital transformation and cyber resilience – that is, strategies for defending against ransomware, phishing and other threats. Alongside the technical programme, events such as Security Night powered by F5 and a stadium tour offered additional networking opportunities. Overall, the event highlighted the complexity of IT security and the need for collaboration, innovation and broad exchange.
Further information here.
Publications, short studies and news
- Cybersecurity Trends 2025
- Launch of the Electronic Patient Record: 65% of Germans Feel Poorly Informed
- “Change Your Password Day”: 5 Tips from eco
- NIS2 and the ENISA “Implementing Guide”: How Digital Companies Can Effectively Enhance Their Cybersecurity
- eco Association: Europe Urgently Needs a Successor for Stopped CVE Database
- 7 Current Challenges in OT Security
- eco Expert Exchange: Future Topics in Cybersecurity
- Buying Mother’s Day Gifts Online: Beware of Nasty Surprises!
- IT–OT Convergence: eco Experts Recommend Action on Three Levels
- BKA Situation Report Confirms Urgent Need for Action: eco Calls for Consistent Cyber Resilience Strategies
- Smartphones: A Holiday Hazard? eco Survey Reveals That One in Three People Do Not Protect Their Data
- Focus on Email Security: Apply Now for the BSI Hall of Fame
- Focus on Cyber Resilience: Threat Awareness at a Record High
- Digital Resilience Requires Clarity: Practical Cybersecurity Rules for Companies Needed
- NIS 2 Cabinet Decision Is Here: Questions Remain
- Confidential AI: A New Safe Space for AI Models
- 100 Years of Quantum Research: Cryptoagility as a Key Strategy for Resilient Systems
- Hall of Fame: Visible Recognition for Pioneers in Secure Email Traffic
- eco on the German Cabinet Approval of KRITIS Act: Act Swiftly, Avoid Duplication
- eco Launches Comprehensively Renewed Security Survey
- eco and cyberintelligence.institute: Joining Forces for Greater Cyber Resilience
- Cybersecurity in Focus: Looking Back at the Internet Security Days 2025
- Quantum Cryptography: The Future of Secure Communication
- eco IT Security Survey 2025: How AI Is Becoming the New Shield
- eco on NIS-2: Late Start, Now Critical – Germany Must Create Trust and Clarity
- eco Survey: Citizens Dissatisfied with Digital Administration – Digital Wallet Could Be a Turning Point
Interviews with our members
- Red Teaming: Hacking – Ethically!
- Zero Trust in SMEs: From Buzzword to Strategy
- Detect OT CyberThreats in Miniature Replicas
- Trust Is Built on Dependability
- 5 Questions for Constantin Schröder, i-doit
- 5 Questions for Tim Cappelmann, AirITSystems
- DDoS Protection Reimagined: AI and Automation as the Answer to Modern Attacks
- IT Security in SMEs: “Management Often Underestimates the Importance of Cyber Resilience”
- Dr Julian Weber, Do We Need a “Digital Airbag”?
- Mixed Forest Instead of Monoculture: Resilience as the Key to the Digital Future
- Deep Fakes: A Challenge for Business and Society
