Ransomware, AI attacks, and expanding attack surfaces: why 2026 must be the year of attack surface management
The latest situation report from the Federal Office for Information Security (BSI) paints a clear picture: the cybersecurity situation remains tense. Between July 2024 and June 2025, an average of 119 new vulnerabilities were recorded each day, a 24 percent increase over the previous year.
The threat level remains high, while attacks are becoming increasingly sophisticated and automated. Small and medium-sized businesses, in particular, are increasingly being targeted, as they often lack both up-to-date security measures and sufficient staff resources.
The report includes over 70 charts and data analyses—a sign of a paradigm shift: cybersecurity is becoming increasingly data-driven. Only by making threats measurable can they be effectively combated.
Data-driven security instead of gut feelings
A key feature of the new management report is the shift away from purely descriptive accounts toward quantitative metrics.
This development demonstrates that security is not a matter of gut feeling, but rather the result of measurable processes.
In the future, companies must clearly define:
- Which systems are vulnerable?
- How often do certain types of attacks occur?
- How effective are existing security measures, really?
Only with reliable data can trends be identified and investments be planned effectively.
A New Landscape of Criminals and AI as a Game-Changer
The dismantling of major ransomware groups such as LockBit and ALPHV provided short-term relief but created an opening for new, agile groups of attackers. These groups use modular attack tools that are easily adaptable and are increasingly relying on artificial intelligence to identify vulnerabilities more quickly or to perfect their phishing tactics.
In addition, the number of state-sponsored cyber operations specifically targeting critical infrastructure, communication networks, and supply chains is on the rise. The report makes it clear: cyberattacks are no longer merely a criminal phenomenon, but a geopolitical tool of power.
Vulnerability management is becoming a core task
With over 100 new vulnerabilities discovered every day, the attack surface is growing at a staggering rate.
Many companies struggle with outdated systems, a lack of segmentation, and insufficient visibility into their own IT infrastructure.
The BSI emphasizes:
“It is not the attack itself, but the unprotected surface area that poses the greatest risk.”
Companies that do not regularly inventory, patch, and consolidate their systems expose themselves to a constant risk, regardless of whether an attack is currently underway or not.
Ransomware and data breaches remain the dominant threats
Between July 2024 and June 2025, the BSI recorded 950 ransomware attacks on German companies and government agencies.
At the same time, 461 data breaches were reported, and the trend is on the rise.
Small and medium-sized enterprises (SMEs) are particularly vulnerable. A lack of backups, unclear responsibilities, and inadequate response plans often result in attacks going undetected for days or data being lost forever.
Digital Resilience: Progress with Clear Gaps
Positive: More and more organizations are adopting information security management systems (ISMS) and establishing emergency response procedures.
Negative: Nearly half of KRITIS operators still do not have an intrusion detection system in place.
According to the BSI, resilience means not only technical hardening but also organizational robustness: clear roles, defined escalation procedures, and regular crisis drills.
Focus on your own vulnerabilities rather than on attackers
The BSI is calling for a shift in thinking: rather than focusing on attacker profiles or malware families, companies should systematically address their own vulnerabilities.
Specifically, the agency recommends:
- Zero Trust architectures and context-based access controls
- Automated updates and consistent patch management
- Reducing unnecessary services and microsegmentation
- Continuous Monitoring and Incident Detection
2026: The Year of Land Management
The vision is clearly defined: 2026 is set to be the“Year of Infrastructure Management.”
Companies must identify, assess, and continuously monitor all accessible systems, from the cloud to the OT environment.
Cybersecurity is thus finally becoming an integral part of day-to-day operations.
Zero Trust, attack surface management, and security automation form the new cornerstones of modern security strategies.
The use of experts as a key to success
The BSI report makes it clear: without specialized expertise, it is nearly impossible to keep pace with the rapid evolution of threats.
Small and medium-sized businesses, in particular, benefit from managed security services, incident response teams, and threat intelligence analyses.
ITanic GmbH helps companies quantify risks, reduce their attack surface, and strengthen their cyber resilience in the long term through targeted monitoring—from security analysis and MDR to Zero Trust implementation and incident response.