Security is becoming the foundation of digital infrastructure
What is new in the cyber world?
At secunet, everything centers on digital sovereignty. It is about how states, public authorities, enterprises and critical infrastructures retain control over their data, systems and digital spaces, from secure cloud infrastructures to resilient identity and security architectures.
This is not new. What is new is the secunet quarterly newsletter. Once every quarter, it takes a look behind the scenes: at technological developments, selected projects and topics that shape the cybersecurity debate and secunet. The opening section provides a review of developments over the past quarter.
Europe’s response to growing email threats
While much of the current discussion focuses on cloud, AI and new models, a long-standing pillar of the digital world is easily overlooked: email. Yet it remains one of the main entry points for cyberattacks. A large proportion of attacks still begin in the inbox, from phishing to business email compromise. With the use of AI, these attacks are becoming more precise, more personalized and harder to detect.
At the same time, requirements are increasing. It is no longer just about protection, but about control over where and under what conditions sensitive data is processed. This question is often decisive, especially for public authorities, critical infrastructure operators and regulated industries.
This is where the partnership between secunet and Bitdefender comes in. The GravityZone security platform runs in the secunet cloud and combines modern threat detection with an operating model anchored in the European legal framework. It protects against phishing, ransomware and targeted email attacks, while ensuring that sensitive data is processed within the EU. The underlying infrastructure complies with C5 Type 2, IT-Grundschutz and ISO 27001. Telemetry, security events and configuration data remain entirely within the EU.
For many organizations, this combination of technological performance and legal control is increasingly becoming a decisive factor.
AI becomes an infrastructure issue
The race in artificial intelligence is often described as a competition for better models. At NVIDIA GTC 2026, a different trend became apparent: what increasingly matters is how and where AI is operated. secunet CEO Marc-Julian Siewert and Andreas Simon Rueckriegel , Vice President Cloud Services at secunet, attended the event. The discussion centered on the concept of the Sovereign AI Cloud and how AI can be securely deployed in highly regulated environments.
Developments such as OpenClaw and NemoClaw are bringing a new stage into focus: autonomous AI assistants that act independently. They place particularly high demands on control, isolation and traceable operating environments. Many projects start with ambition and remain in the pilot phase. The reason rarely lies in the models themselves, but more often in requirements related to security, compliance and operations.
Together with Hewlett Packard Enterprise and NVIDIA , secunet is working to close this gap with a Private Cloud AI that has been specifically developed for highly regulated environments. What matters most is operations. The solution can be run in a fully isolated setup, thereby creating the conditions to deploy powerful AI even in sensitive areas, such as public authorities or critical infrastructures, without long lead times.
Cybersecurity becomes part of defence capabilities
As defence budgets in Europe increase, the cybersecurity market is evolving as well. Investments are increasingly flowing into digital infrastructures that not only protect data, but also secure operational capabilities. It is no longer just about traditional network security. What is needed are systems for handling classified information, secure mobile work environments for personnel in the field, as well as resilient communication architectures that function even under operational conditions.
How strongly secure IT has become part of strategic defence debates was recently demonstrated at the Handelsblatt Conference on Security and Defence in Berlin. At the event, Marcel Taubert , Vice President Defence and Space at secunet, spoke about how decision-making capability in 2029 will increasingly depend on secure IT architectures, AI-supported decision-making processes and a new information culture. This development reflects a fundamental shift: cybersecurity is no longer a supporting function, but part of defence capabilities itself.
Read the full article by Marcel Taubert in Handelsblatt: https://veranstaltungen.handelsblatt.com/journal/go/3vle
Europe’s Entry/Exit System goes live
The passport stamp is being phased out. With the Entry/Exit System (EES), one of the largest digital infrastructures in the Schengen Area is being established at Europe’s external borders. This system captures the biometric data of third-country nationals, records their border crossings and thus replaces the previous passport stamps with a digital procedure.
The roll-out of the EES will be completed across Europe by April 2026. What sounds like a technical upgrade is, in practice, also a stress test for existing processes. More travellers, additional checks and rising security requirements meet limited capacities. The key question is therefore not only how secure the systems are, but how reliably they perform under real-world conditions. The focus is on digital identity, the quality of biometric data and integration into existing processes. Every delay, every repetition and every process interruption has a direct impact on airport operations.
As one of the largest providers of border control technology, secunet has been playing a key role in ensuring that no critical disruptions occur to passenger traffic at the equipped airports and border control points. secunet recently demonstrated at the Passenger Terminal Expo in London how processes can be further optimised going forward through pre-registration of data, intelligent management of passenger flows or, for example, the use of Digital Travel Credentials.
The race for quantum computing has begun
Terms such as Quantum Apocalypse or Q Day are now appearing regularly in the security debate. At the core is a simple question: how long will the cryptography on which a large part of today’s digital infrastructure is built remain secure?
Recommended by LinkedIn
With the update of its cryptographic guidelines, the German Federal Office for Information Security has, for the first time, set a concrete timeframe for this discussion. For applications with particularly high protection requirements, the transition to quantum-safe cryptography is expected to be completed by the end of 2030. From 2031 at the latest, classical asymmetric methods such as RSA or ECC are no longer used on their own, but only in combination with post-quantum cryptography.
This is driven by a scenario that security researchers have been discussing for several years and consider highly likely: attackers can store encrypted data today in order to decrypt it in the future using powerful quantum computers. This so-called “store now, decrypt later” risk primarily affects information with long-term protection requirements.
For organisations, this is a strategic challenge. Cryptography is no longer simply updated, but is being rebuilt step by step. Post-quantum cryptography is thus becoming one of the central foundations of future security architectures.
NIS-2 in practice with insights from Marlitt Stolz
After a long period in development, NIS-2 is now in force. Since December 2025, the German implementation law has been in effect. Cybersecurity has now clearly become part of corporate responsibility. However, the new requirements are not easy to navigate.
A large number of companies, including operators of critical infrastructure, are affected and now face significant pressure to act, as the requirements take effect immediately and there is no transition period. By March 2026, affected companies were required to register with the Federal Office for Information Security. Security incidents must now be reported directly. At the same time, NIS-2 requires significantly more: structured risk management, clear responsibilities and resilient supply chains.
For our colleague Marlitt Julika Stolz , NIS-2 is not an abstract set of rules, but part of day-to-day practice. As Head of Management Systems and Audits at secunet, she supports clients and teams in implementing these requirements in a structured and practical way. Her approach follows a clear principle: analyse impact, identify security gaps, implement measures and assess their effectiveness.
It is not just about processes, but also about mindset. “Working in the field of information security is not just a job, but has become a lifelong mission for me and is essential for the success of the German economy,” explains Marlitt Stolz. She will share insights into this practice at DMEA - Connecting Digital Healthcare from April 21 to 23, as well as at the NIS-2 Congress 2026 on May 12 and 13.
Robotics for critical infrastructure: third place at the Digital Future Challenge
The next generation of tech talent is already stepping up. Our student employee Carol Stefan , together with his team, secured third place at this year’s Digital Future Challenge. The award was presented at the final in Berlin, attended by German Federal Minister for Digital Affairs Karsten Wildberger as patron of the initiative. At the core of the team’s work is a question that concerns many operators of critical infrastructure: how can dangerous and physically demanding routine tasks be automated while ensuring that humans remain part of the decision-making process?
To address this, the team developed a concept for the use of mobile, AI-powered service robots in maintenance facilities for the German high-speed ICE train. There, employees carry out a wide range of tasks, from safety-critical checks to water supply and wastewater handling. The concept is that such a robot takes over particularly demanding tasks, such as freshwater and wastewater processes on trains. This creates more time for other important tasks, while employees monitor the process and intervene when necessary. The goals are more efficient maintenance, improved working conditions and more stable rail operations.
Technologically, the approach is based on a combination of mobile robotics, AI-powered object recognition and teleoperation. Systems can initially be controlled remotely and gradually learn until they are able to take on tasks with increasing autonomy.
Carol is studying computer science at the Technical University of Munich and has been working at secunet since September. Congratulations to Carol and the entire team on this strong result at the Digital Future Challenge.
Growth trajectory confirmed: a record year for secunet
secunet reports a strong financial year for 2025. Group revenue increased by 13 percent to EUR 458.8 million. EBIT rose by 21 percent to EUR 51.6 million, while EBITDA reached EUR 74.9 million. Order intake grew to EUR 531.9 million, with an order backlog of EUR 278.9 million.
These figures reflect more than solid financial performance. They point to a market undergoing structural change. Cybersecurity is no longer an optional add-on. It is becoming a prerequisite for economic stability and the ability of states to operate. This shift is driven in part by a changing geopolitical landscape, where conflicts are increasingly played out in cyberspace. At the same time, the nature of threats is evolving. Cyberattacks are not only increasing in volume, but are also being used strategically to destabilise states, while advances in artificial intelligence make them more automated and scalable.
Security is therefore moving to the centre of management decision-making and becoming a core element of modern IT architectures. Regulatory frameworks such as NIS2 and the Cyber Resilience Act reinforce this trend and increase pressure on organisations to act. As awareness of digital sovereignty grows, so does demand for sovereign security solutions.
For secunet, this development brings particular responsibility. Its technologies contribute to protecting digital infrastructures in Germany and across Europe.
Digital sovereignty does not develop in isolation. It is discussed, further developed and put into practice at conferences, industry gatherings and specialist events. In the coming weeks, secunet will be represented at several key events.
These and other dates can be found in secunet’s event calendar. Personal interaction remains an important part of collaboration, even in a digital industry.
Thank you.
Interested Topics Newsletter : I invite you to visit my new Weekly Newsletter Bulletin ✍️ https://www.garudax.id/newsletters/globally-market-news-7349475298716839936