DXC Technology (NYSE: DXC), a leading global Fortune 500 technology company, identifies five cybersecurity trends in 2025 that companies in Germany should prepare for.

1. AI as a cyber weapon for attack and defense
Cyber criminals are increasingly using artificial intelligence to improve the success rates of their hacker attacks. Phishing emails are being developed from simple deceptive emails to much more credible letters: For example, attackers are using so-called deepfakes – a form of generative AI – which can be used to create convincing fake text, images or sounds.
“Companies should take the new risks of AI-supported attacks very seriously and adapt their own cyber defences accordingly,” says Dr. Bruno Messmer, AI expert at DXC Technology. “It is advisable to systematically incorporate AI tools into the company’s security strategy and use them to analyze and detect attacks, as well as to select and train personnel.”
The good news: AI can also be used as a powerful tool to combat cybercrime. However, a good one in three companies in Germany still refrains from using AI to defend against hacker attacks – in Austria and Switzerland, the figure is around one in two. This was the result of the latest DXC survey “Securing a Digital Future” among N=300 specialists and managers who decide on the digitalization of the company.

2. new gateways
Employees are increasingly online with smartphones, tablets, laptops or other devices and an even greater number of applications. Professional usage behavior is merging with private activities. The increase in apps, text messaging services and social channels is creating completely new gateways for hackers to access sensitive data. This begins with the retrieval of live updates and continues with the seemingly harmless forwarding of links on WhatsApp to the sharing of job updates on LinkedIn. In this confusing scenario of online activities, traditional corporate cyber defense is less and less suitable for adequately protecting employees.
A “zero trust strategy” offers an answer to such a threat situation. This cyber security model consistently relies on users authorizing themselves at every level of network access. Even if a specific device is attacked, sensitive resources in the workplace can still be protected. It is important that the mindset with regard to the risks is communicated to employees so that all users pull together when implementing the strategy.
Companies still have some catching up to do when it comes to making employees aware of new gateways for hacker attacks: In Germany, only just over one in two companies carry out regular exercises for cyberattack scenarios (56 percent). In Austria, the figure is 63 percent and in Switzerland 66 percent of companies.

3. critical infrastructures at risk
According to expert forecasts, the number of cyber attacks on critical infrastructures will continue to increase. Digital control systems in factories, power plants and hospitals are increasingly becoming the target of hacker attacks. Media reports already show that cyber criminals – sometimes even on behalf of state actors – are acting without regard for losses.
Businesses are already busy scrutinizing their entire operating processes and equipping them with cyber security measures. The trend towards greater security is progressing step by step: for example, 76% of companies in Germany now have an emergency plan for hacker attacks. Two years ago, the figure was only 52 percent. In Austria and Switzerland, the figure is currently just under 70 percent according to the DXC survey.

4. increased threat situation for supply chains
Cyber criminals are targeting supply chains. Instead of just attacking individual end users, they are targeting the network of companies, their suppliers and customers in an industry. At risk are company data, access data, customer information, source code and other highly sensitive data that fall into the hands of individual criminals or state-sponsored hackers. Such attacks can have a profound impact on entire industries that are digitally interconnected via the supply chain. In cyber defense, it will become increasingly important to integrate third-party providers into risk management. Companies need a picture of who they are doing business with. For this reason, the DXC security experts manage security risks in connection with all third parties – including customers, providers and suppliers as well as partners and all network participants. This is also a particular focus of the EU’s NIS 2 Directive, which is currently being implemented in the member states.
Companies in the DACH region have varying levels of awareness of this risk: In Germany, 76 percent of companies regularly check their suppliers for so-called “supply chain attacks” and attacks on third-party providers. In Switzerland, the figure is only 62 percent and in Austria 54 percent.

5. AI joins forces
The shortage of skilled cybersecurity personnel is already a problem for companies today. At the same time, existing IT security teams are confronted with increasingly complex threat scenarios.
Companies are well advised to expand the pool of applicants for cybersecurity tasks and to retrain or develop their own employees with on-the-job training programs. Colleagues who do not have the necessary specialist knowledge, but who have analytical potential, problem-solving skills and technical know-how, for example, can be considered for this. This staff can be used to strengthen the first line of defense against potential cyber threats. AI tools are particularly important in such projects. AI and machine learning support the teams working with a high workload with readily available expertise. Security analysts, identity management experts and incident responders are freed up from routine tasks with the help of AI and can concentrate better on important case decisions.
Employee training courses on IT security are a key factor in the internal search for talent: 75% of companies in Germany run such courses regularly – an increase of a good 20 percentage points over the past two years. In Austria, 77 percent offer regular training courses and in Switzerland 66 percent – according to the results of the latest DXC survey of 300 IT decision-makers in the DACH region.