ISG Provider Lens™ Cybersecurity – Solutions and Services - Extended Detection and Response - Germany 2025

Technological revolution and skills shortage drive the cybersecurity market in Germany

In increasingly challenging circumstances, cyber threats to companies in Germany are growing as cyberattacks become increasingly sophisticated, frequent, complex and adaptable. The shortage of qualified cybersecurity professionals is exacerbating the situation and driving demand for external services. New technologies favor cyber threats and also offer new business opportunities for service providers. Service providers that understand the requirements of different target groups and are proficient in both technical, business and regulatory aspects can also benefit here.

Those responsible in German companies are currently facing various challenges. The increased cyber threats in the context of political tensions, such as the war in Ukraine, and the trend toward remote working — along with the long-term trend of digitalization — have led to increased attack surfaces for cyber attacks in Germany, which require appropriate countermeasures. On the other hand, the weak economy is leading to financial challenges.

Business processes are increasingly being shifted to IT as part of digitalization. Intellectual property is also increasingly being represented digitally. As a result, the growing need to protect IT and communication systems
has transformed IT security into corporate security. The increased use of home offices in Germany — and the resulting external connection of employees — has made IT systems more vulnerable to attack.

In addition to digitalization and increased remote working, the increasing provision of resources from the cloud has made IT systems more vulnerable and has led to the growing relevance of the zero trust approach and a loss of importance of perimeter security. The principle of never trust, always verify means, among other things, mutual authentication and continuous network monitoring.

Cyber criminals are implementing new, more sophisticated and more complex methods to overcome the cyber defense systems of companies and authorities at ever shorter intervals. There have been a number of spectacular cyberattacks in the recent past, but less prominent attacks, such as ransomware, are also causing increasing problems for companies. Accordingly, cybersecurity measures must be completely up to date. Not least due to the shortage of IT specialists, especially in the cybersecurity market, companies and authorities are increasingly overwhelmed by this, and IT managers are increasingly using external services, such as security operations centers. These providers, as well as many IT security product providers, are increasingly relying on proactive rather than reactive methods based on AI, for example, to keep up with the threats themselves.

Not only companies’ own protection, but also legal regulations such as the General Data Protection Regulation (GDPR) in the EU are forcing companies to implement stronger security measures to prevent cyberattacks. This continues to be a major challenge, especially for SMEs. In addition, many SMEs from certain sectors are currently being classified as infrastructure requiring special protection.

Among other things, this will result in increased protection requirements and measures with regard to cybersecurity. The underlying EU Directive NIS-2 is expected to be transposed into national law in 2025.

SMEs are an interesting market segment for cybersecurity providers in Germany. Overall, SMEs have less mature IT security systems than large companies, but are forced to upgrade them due to the factors described above. As a
result, they have significant progress to make and are, therefore, experiencing above-average growth in demand for cybersecurity solutions. A balanced customer structure of large and midsize companies is even more advantageous for security providers in order to benefit from the extensive budgets of large accounts. The current weak economy in Germany is not leaving the demand for cybersecurity solutions untouched, so that SMEs, with their aboveaverage
growth in demand, are becoming an increasingly attractive market segment that also needs to be adequately addressed. It is not enough to simply offer midsize customers a service for large customers. Rather, the entire go-to-market (GTM) approach — products, prices and communication — must be adapted to these customers.  Communication and cultural aspects are particularly important in order to be accepted by SMEs as a provider that
takes this segment seriously. 

Despite the great importance of cybersecurity, IT managers are once again increasingly struggling with the task of legitimizing investments in cybersecurity vis-à-vis company stakeholders, especially the CFO. Unlike with other IT projects, it is not always possible to prove the profitability of cybersecurity investments; it is also not easy to quantify
threat risks. On the other hand, more and more managers are recognizing that cyberattacks can lead to massive — and possibly existential — financial and reputational damage. As a result, IT security is becoming increasingly important in German companies, and senior management is becoming more involved in cyber risk management.

It is still the case that the cause of cybersecurity incidents is often not (solely) on the technical side. Rather, many attacks are facilitated by careless user behavior, such as phishing and Trojan attacks. In addition to up-to-date IT
security equipment, user training and advice, therefore, continue to play an important role.

Advice is also increasingly in demand with regard to technical threats. In addition to cyber attacks and solutions based on AI, the need for advice is also increasing with regard to quantum-based attacks. These represent a new quality in attacks on the encryption of confidential data, which has now become much more urgent. While it was previously assumed that technical developments would leave time for concrete countermeasures until the end of the decade, this has changed due to new criminal strategies. With the harvest now - decrypt later approach, it has now become clear that the protection of data in the form of encryption needs to be reviewed and, if necessary, strengthened more urgently than previously assumed. As a result, the number of service providers that have adapted their consulting services to this new type of threat and opened up a new area of business has increased significantly over the last two years. These consulting services are currently still being used primarily by banks and insurance companies, as their assets consist of virtual assets and are, therefore, potentially particularly at risk. Due to the dynamic development
described above, demand is also rising sharply in other sectors of the economy.

Data leakage/loss prevention and data security (Products)

Interest in DLP solutions has increased significantly again in Germany in recent years. This is due to various factors that affect the security of data in companies. Data and intellectual property have become increasingly important and, in some cases, existentially significant corporate assets. 

In addition, the increasing business use of private end devices poses a particular challenge in terms of protection against unwanted data leaks, as they are often beyond the configuration and control of the company’s administration. Increasing regulatory requirements drive the demand for DLP solutions. AI supports manufacturers in offering powerful solutions.

Technical security services

Due to increasingly sophisticated cyberattacks and the pressing shortage of skilled workers, companies and authorities in Germany are increasingly reliant on external cybersecurity services to keep their IT security systems up to date.

Service providers that can offer a broad range of technical security services from a single source have a particular advantage in this market, as IT security projects are often complex and multifaceted.

Strategic security services

German companies are being called upon to protect their IT systems from damage in the face of increasingly frequent, intensive and sophisticated cyberattacks. It is no longer just the well-known large companies and public authorities that are affected, but increasingly also small and midsize companies. The shortage of IT specialists continues to make
this situation more difficult.

Among other things, service providers that can offer their customers seamless end-toend services and the integration of IT and security solutions from a single source have an advantage. In addition, in-depth knowledge of regulatory requirements is increasingly in demand, and advice on post-quantum encryption is becoming more important than
previously expected.

Next-gen SOC/MDR services

The increasingly sophisticated cyberattacks are also driving demand for services from security operations centers (SOCs) and managed detection and response (MDR) services in particular. The shortage of qualified experts and the need for specialist knowledge that is always up to date make these services even more interesting for German companies.

Large and especially midsize customers appreciate SOCs with a German or EU location due to the increasingly important aspect of data protection (digital sovereignty). Integrated solutions comprising IT and associated security
solutions, end-to-end security services and a high level of innovation are also important for both target groups in order to stay ahead in the race against cyber criminals.

Managed security service providers are increasingly turning to automation and AI to combat cyber threats. The ideal solution is to combine machine efficiency with comprehensive human expertise.

Access to the full report requires a subscription to ISG Research. Please contact us for subscription inquiries.