With increasing digitalization and interconnectedness, cybersecurity is gaining ever more importance. At the same time, the risks posed by cyber attacks are increasing dramatically. Russia's war against Ukraine in particular has significantly exacerbated the threat over the past three years. At the 11th Munich Cyber Security Conference (MCSC) leading cybersecurity experts from the worlds of politics, business and science addressed the key levers for tackling this challenge: We must overcome our complacency and invest massively in our cybersecurity, all stakeholders involved must cooperate far more than before and we must make greater use of artificial intelligence (AI) and quantum computing as the biggest technological drivers of the future for cybersecurity. At the same time, we must not place too high expectations on these technologies. After all, people are and will remain the decisive factor.

We are facing massive threats in our digital world: cyber criminals are trying to steal our data, hostile regimes are deploying hacker groups to attack our critical infrastructure and enemies of democracy are spreading AI-generated fake news via social media. To protect us from these threats, cybersecurity experts from government agencies, the military, businesses and academia are working together worldwide. Once a year, the key international players meet at the MCSC, the Munich Cyber Security Conference, to discuss the latest developments and trends.

Uncertainty on the Rise: Defining Purpose with Clarity

This year's event, held in Munich on February 13 and 14, bore the motto “Uncertainty on the Rise: Defining Purpose with Clarity”. The guests included high-ranking politicians, heads of government agencies, military leaders, cybersecurity experts, leading tech think tanks, and global IT and user companies (see overviews below). 

They discussed the limits and possibilities of public-private partnerships to improve cybersecurity, the role of the secret services, the relevance of the human factor as part of the solution, what companies can do to become more cyber-resilient, what opportunities and risks new technologies such as AI and quantum computing pose for cybersecurity, how media and information gathering are changing in the digital age, and what role regulation currently plays in cybersecurity and should play in the future.

Claudia Eckert, Director of the Fraunhofer Institute for Applied and Integrated Security AISEC, Chairwoman of the organizing Security Network Munich and MCSC 2025 host, named one of the conference's main goals in her welcoming address: networking and the exchange of ideas between all stakeholders. The experts in the various panels went on to confirm that there is indeed a need for collaboration in order to meet the challenges.

 

Key messages from the conference, according to Claudia Eckert

Increase speed: Worldwide, attacks are becoming more and more effective, particularly due to the use of AI. Attackers operating globally act with a speed that outpaces defenders. To narrow this gap and increase the speed, cooperation between the private and public sectors must improve, both within and across national borders; regulations must be simplified, harmonized and streamlined, and trustworthy AI solutions for cybersecurity must be deployed quickly and on a broad scale.

Improve collaboration: In particular, government agencies and private businesses must work together better and more closely to combat cyberattacks. In particular, global software and technology providers have in-depth knowledge and sufficient data on the nature and course of attacks. This knowledge could also be used by government agencies. In contrast, government agencies have special powers and can take measures to protect critical infrastructure, business and civil society that are not available to companies.

Better protection of physical cyber capacities: Whether in the Baltic Sea or in the Strait of Taiwan, according to experts at the conference, between 95 and 100 percent of digital data traffic runs over copper subsea cables. These physical cyber capacities are essential, but they are an easy target for attackers. We need better strategies to protect them.

Deploy state-of-the-art technologies, at last: The only way to stop or at least effectively mitigate the rapid increase in ever more effective attack campaigns is for businesses and the public-sector to finally get a move on and implement comprehensive cybersecurity measures, and to have their effectiveness continuously verified by independent audits.

Use AI for automation: AI is both friend and foe for cybersecurity. Currently, it still seems to be more evolutionary than revolutionary, but it will have fundamental effects on cybersecurity, for example, through automating attacks and defense against them. Above all, AI can help us to make up for scale disadvantages compared to attackers.

Prepare for the quantum age now: According to experts at the conference, more progress has been made in the development of quantum computers in the last two years than in the last 30 years combined. As a result, it is now, at the latest, that businesses must prepare for the quantum age. This is because powerful quantum computers will break our conventional encryption. We need to start building a quantum-secure internet now to be prepared for the quantum age. 

Better education and vocational training: The human factor will remain essential for successful cybersecurity. However, it is not only specialists who master the new technologies, recognize the new dangers and implement technological protective measures who are needed. Interdisciplinary thinking and communication skills will become increasingly important. New training and continuing education formats are urgently needed that go beyond traditional awareness campaigns and cover all user and employee levels. The goal should be to move from security awareness to security education, so that people become part of the solution and no longer part of the problem, as has often been the case in the past. In particular, it is important to close the knowledge gap among decision-makers regarding the effects of a lack of cybersecurity. 

New, more offensive ways of defending against attacks: Cybercrime, especially ransomware, is a globally flourishing, highly lucrative business model with billions in profits. Disinformation campaigns, the undermining of public and economic security, and the disruption of critical infrastructure unite attackers, mostly state-sponsored organizations. Unfortunately, victories such as the dismantling of the Emotet malware and the worldwide investigations of Operation Endgame are far too rare in the effective fight against the multitude of attackers. New approaches are needed that directly address the attackers' business model by driving up their costs per attack to such an extent that attacks are no longer worthwhile because the financial cost is too high, the attack takes too long or the risk of becoming a victim through offensive defense measures is too great. Examples of offensive defense are the shutdown of internet platforms used for attacks or the takeover of domains of attackers so that attacks come to nothing. New approaches in the section of offensive defense, which quickly and purposefully implement effective measures against the attackers' business models on the basis of a constitutional framework, are urgently needed. Controlled solutions based on generative AI are ideal for this.

Combating deepfakes and misinformation more decisively: Traditional media are progressively losing their informational and opinion-forming sovereignty to social media platforms and AI-controlled bots that automatically produce fake news at an unprecedented speed and volume. Deepfakes are becoming a massive threat to our democratic societies, but also to individuals and businesses. Well-known approaches to combating deepfakes, such as detecting and removing such fakes, marking fake content or embedding watermarks in genuine content, are important but not sufficient to even begin to tackle the immense flood of disinformation. Targeted, offensive countermeasures could also provide a remedy, in order to interrupt the infrastructure used to distribute deepfakes. However, new approaches need to be considered as well. The tokenized internet, an extension of an idea that is being discussed in the financial sector, could be one such completely new approach.

Invest in future technologies: We must now invest in future technologies such as trustworthy AI for cybersecurity, agentic AI, quantum computing and smart robotics to actively shape the future of cybersecurity.

The Munich Cyber Security Conference, a side event of the Munich Security Conference, has been taking place since 2015. It has steadily grown from a meeting of technical cyber experts to the world's leading cybersecurity conference, attended by the leading international cybersecurity stakeholders. This year's 11th conference in 2025 hosted around 800 guests. The MCSC is organized by the Munich Security Network.

High-ranking guests from politics, government and the military

·       Dag Baehr, Vice President, German Federal Intelligence Service (BND)

·       Carl Bildt, Former Prime Minister of Sweden

·       Carl-Oskar Bohlin, Swedish Minister for Civil Defence

·       Catherine De Bolle, Executive Director of Europol

·       Miguel De Bruycker, Managing Director General of the Centre for Cybersecurity Belgium

·       Tobias Gotthardt, Bavarian Ministry of Economic Affairs

·       Keiichi Ichikawa, Deputy National Security Advisor at the Cabinet Secretariat of Japan

·       Chris Inglis, Former National Cyber Director at The White House

·       Sami Khoury, Senior Official for Cyber Security in the Government of Canada

·       Carsten Meywirth, Head of the Cybercrime Unit, Federal Criminal Police Office (BKA)

·       Hanno Pevkur, Minister of Defence of the Republic of Estonia

·       Claudia Plattner, President of the German Federal Office for Information Security (BSI)

·       Audrry Tang, Former Minister of Digital Affairs of Taiwan

·       Henna Virkkunen, Executive Vice-President of the European Commission

·       Hans de Vries, Chief Cybersecurity and Operations Officer at ENISA

 

Leading figures in the global tech scene

·       Accenture

·       Airbus

·       Amazon Web Services

·       Bitkom

·       Cloudflare

·       CrowdStrike

·       Fraunhofer AISEC

·       Giesecke+Devrient

·       GitLab

·       Google

·       Infineon

·       Lenovo

·       Mastercard

·       Microsoft

·       Meta

·       NEC

·       Palo Alto Networks

·       Secunet

·       SAP

·       Schwarz Digits

·       Siemens

·       Snapchat

·       Technical University of Dresden

·       University of Oxford

·       University of California, Berkley Center