BSI 2025: progress in defenses, but security still critical for small businesses and private users

Germany’s Federal Office for Information Security (BSI) published its 2025 annual report covering July 2024–June 2025. The agency notes some progress in defending against cyberattacks but warns the overall security situation remains critical.

The report highlights a notable rise in newly discovered vulnerabilities and points to persistent security deficits — particularly among small businesses and private users, who often lack resources or practices to keep systems hardened and up to date.

Key findings

• Timeframe: the analysis covers July 2024 through June 2025.
• Improved defenses: some sectors showed better incident response and resilience.
• Rising vulnerabilities: the number of newly discovered security flaws increased during the period.
• At‑risk groups: small enterprises and private users were identified as especially exposed due to outdated software, weak configurations and limited security practices.

Recommended actions

• Keep software and firmware up to date and apply security patches promptly.
• Enable multi‑factor authentication (MFA) where possible and use strong, unique passwords or a password manager.
• Regularly back up important data and test restores to reduce ransomware impact.
• Harden network devices (routers, NAS) and disable unused services or ports.
• Consider managed security services or professional support if in‑house expertise is limited.

Small businesses and households can reduce their risk significantly by following basic cyber hygiene and investing in simple protections. The BSI report underscores that progress is possible, but persistent attention and resources are needed to close gaps.

Read the BSI’s full report for technical details and sector‑specific recommendations (opens in a new tab): bsi.bund.de.

Discussion: Which security steps do you find most effective for small businesses or home setups — patch management, backups, MFA, or outsourcing security? Share your experience.