data security Archive | OTRS

IT Security Trends 2025: 5 Priorities for Decision-Makers and Security Teams

Jens Bothe — Thu, 15 May 2025 06:08:15 +0000

IT Security Trends 2025: 5 Priorities for Decision-Makers and Security Teams

2025-05-15
Jens Bothe

Security & Compliance

The findings from the “OTRS Spotlight: Corporate Security 2024” survey* reveal a significant shift in how organizations approach IT and cybersecurity. IT security is slowly but surely reaching a strategic level. Companies re cognize the growing threat landscape. They are re-evaluating their strategies, adapting their internal structures, assessing priorities, and considering investments to better address threats and to enhance their cybersecurity measures. In 2025, IT security is no longer just a technical concern. It’s a critical element of business resilience and leadership responsibility. Below are the most relevant insights from the survey results – and what they mean for your organization.

Cybersecurity Is Becoming a Leadership Priority

The survey results show that IT security has gained more visibility at the highest levels of organizations. The share of respondents who are satisfied with the funding that IT and cybersecurity receive at their organization has increased by 20% compared to 2023. This is an important signal that companies are beginning to treat security as a strategic priority rather than just an operational task. This shift is significant. Involving leadership brings several advantages:

faster decision-making,
better budget allocation, and closer
alignment between security measures and business goals.

It also ensures that security risks are considered when entering new markets, launching digital services, or managing third-party relationships. As cyber threats become more complex and costly, leadership involvement is no longer optional – it’s a competitive necessity.

Real-World Security Incidents Are Driving Action

Concrete events often trigger concrete action – and the CrowdStrike case is a prime example. According to the survey, 93% of organizations took additional precautions to strengthen their IT security in response to this event. Notably, this includes organizations that were directly affected by the incident and those that were not. This high level of responsiveness illustrates how external events can act as accelerators for internal change. It reflects a growing awareness that threat scenarios affecting other companies can serve as valuable early warning signals. The most common measures companies implemented include:

Diversifying the IT and software landscape to reduce dependency on single providers
Implementing advanced real-time monitoring and alerting systems
Introducing additional testing for new patches and updates
Reviewing or updating existing incident response plans

These actions show that companies are learning from real-world incidents and adjusting their security posture accordingly. Instead of simply implementing reactive fixes, they are becoming more proactive in how they prepare for and respond to future security incidents. Rather than waiting for an incident to occur within their own environment, security teams are increasingly learning from industry-wide events and making forward-looking changes. At the same time, the response to this high-profile incident highlights a continued shift in mindset: IT and cybersecurity are no longer isolated technical disciplines. They are central to risk management and business continuity. Being prepared to respond quickly is just as important as prevention. Organizations that can react swiftly to breaches minimize damage and downtime – a capability that increasingly defines resilience in the digital age.

Resource Gaps Are Slowing Down Progress

Despite the increased focus on IT and cybersecurity, many organizations remain under-resourced in key areas. For most of those who are not satisfied with their organization’s IT and cybersecurity funding, the top issues are insufficient investments in software and security awareness training (27% each). Nearly as many (26%) cite a need for more investment in infrastructure, while 21% see a need for more staff. Just under half of respondents consider their organization to be optimally prepared for security incidents. Also, 82% confirm that they have seen an increase in security incidents over the past twelve months. Knowing this, organizations are well advised to heed the call for greater investment from their IT and cybersecurity teams. This rapidly evolving threat landscape is also cited by just over a third of security teams as the top challenge they face in incident response

Device Management Is a Major IT Security Concern

Remote work and a growing number of IT devices have added another layer of complexity. These require broader and more flexible security measures that many organizations are still struggling to implement. The main pain points for security teams in enforcing security policies across devices are:

A lack of IT staff and resources (39%)
Scalability issues due to the growing number of devices and the diversity of devices and operating systems (33% each)
Managing devices in remote or hybrid work environments (32%)

On top of this, another layer of complexity is rapidly growing and compounding the challenge for security teams: Almost all organizations surveyed are already using AI-enabled devices (92%). Managing these devices requires additional expertise and technical infrastructure to protect sensitive information, mitigate risk and ensure compliance with privacy regulations. IT security teams are already taking action to accomplish this by training employees in the secure handling of data (46%), using secure servers for data processing (43%) and implementing strict usage policies (40%), among other measures.

Software Tools Reduce the Workload of IT Security Teams

Organizations need to address:

the increasing number of cyber threats
the additional attack surface created by the increasing number of devices and
AI-enabled devices

To do this, they must provide resources to their IT security teams. This includes hiring or training additional staff and investing in software tools that can ease the burden on their teams.

1. Mobile Device Management (MDM)

Mobile device management(MDM) or unified endpoint management (UEM) tools can help IT security teams:

track and manage devices,
ensure the timely rollout of updates and patches, and
disable or restrict AI capabilities.

Almost two thirds of the organizations surveyed are currently using MDM (64%), and 56% are using UEM. However, only 21% currently use such tools specifically to disable or restrict AI features on corporate devices. This could either be because the specific tools they are using do not support this functionality, or IT security teams are not yet making full use of their tools.

2. Vulnerability management

Vulnerability management is an essential part of IT security and risk management. At 38% each, respondents report that vulnerabilities or corrupted files in corporate systems and devices as well as vulnerabilities, data breaches, or misuse of AI tools or services have caused extreme or significant damage or risk to their organization in the past. Vulnerability management tools help IT security teams prevent this. Just above two thirds are already using such tools, a 12% increase compared to 2023. Another 23% are planning to introduce it. When choosing a solution for vulnerability management, security teams need to make sure that it enables them to scan for, detect, track and respond to vulnerabilities in the organization’s entire IT supply chain. It should also automate and orchestrate critical tasks. With staff stretched thin and the number of incidents and vulnerabilities on the rise, being able to act fast and effectively is crucial. Therefore, the software solution also needs to integrate well with other tools in the teams’ stacks to empower seamless workflows and communication.

3. Security Orchestration, Automation and Response (SOAR)

Effective incident response is crucial in mitigating the impact of cyber threats. IT security teams need to be able to rapidly identify, assess, prioritize and resolve security incidents to minimize downtime. A robust and comprehensive security orchestration, automation and response (SOAR) software solution enables just that. It provides seamless integration with existing security tools for a unified defense strategy and facilitates clear organized communication. Both are essential for rapid response as well as for meeting compliance and regulatory requirements. Teams that already use SOAR software say its biggest benefits are that it

makes it easier to work with IT,
increases the automation of their incident response processes, and
improves incident tracking and reporting.

Despite these advantages, only 58% are currently using SOAR software.

Keeping Your IT Security Tool Stack Under Control

The number of tools that IT security teams have in their stack has increased since last year. According to their plans, it will increase only further. On the one hand, this is a positive development because these tools enable them to better protect their organization from cyber threats. On the other hand, managing and maintaining multiple security tools brings new challenges.

Tool complexity (46%) and integration difficulties (45%) are the main difficulties that IT security teams encounter in doing so. Software solution providers appear to be aware of these challenges. Even though integration difficulties persist, slightly more than three quarters are either satisfied or very satisfied with the integration and interoperability of their current security tools. New tools also often require additional training to leverage them, which is another major challenge for more than a third. When it comes to selecting new software solutions for their IT and cybersecurity organizations, these challenges are only partially reflected in the most important criteria that security teams look for. While integration capabilities rank in the top five criteria at 38%, post-sale support and training rank a distant ninth at 26%. Teams are also looking for compliance and security features as well as integrated AI functionalities – an indication that trends such as artificial intelligence and regulations such as NIS-2 or DORA substantially influence IT and cybersecurity teams’ agenda and way of working. Timely security updates and patches as well as functionality follow in second place.

To keep their IT security stack under control , security teams need to carefully evaluate what is really important to them, both in the short and long term. For example: If a software solution offers all the latest AI functionalities but is difficult to integrate, it may be wise to reassess whether these features are must-haves or nice-to-haves.How much value do they actually add? In the long run, better integration capabilities or ongoing support and training may outweigh the benefits of potentially immature AI capabilities that only marginally help the team work more effectively and efficiently.

Key Takeaways: Top IT Security Trends 2025

The results of the survey outline a clear picture of what’s ahead. IT and cybersecurity are undergoing a fundamental transformation from back-office functions to boardroom priorities. In today’s dynamic cybersecurity landscape shaped by shifting priorities, external pressures, and internal challenges, the top five trends organizations should act on in 2025 and beyond can be summarized as follows:

1. Make incident preparedness a top priority

Real-world events like the CrowdStrike incident show that fast, well-coordinated responses matter. Keep incident response plans updated and tested.Ensure they’re integrated into your broader security strategy.

2. Secure leadership commitment and strategic funding

As cybersecurity becomes a board-level issue, IT and cybersecurity leaders must engage decision-makers with clear risk and ROI narratives to secure long-term investment.

3. Close critical resource and skills gaps

Budget alone isn’t enough. Address staffing shortages and invest in ongoing training to maintain operational readiness amid rising incident volumes.

4. Treat AI and device management as core risk areas

The rapid spread of AI-enabled and mobile devices is expanding the attack surface. Implement scalable controls, usage policies, and focused employee training to stay ahead.

5. Streamline and integrate your security tool stack

More tools don’t always mean better protection. Prioritize solutions that reduce complexity, integrate easily, and support automation to relieve pressure on your teams. Organizations that understand and act on these trends will be better positioned to navigate the evolving threat landscape. Now is the time to connect leadership, invest in the right capabilities, and treat security as a core business function – not just a technical one.

Be Ready When It Counts: Strengthen Your Incident Response Capabilities

As the complexity and frequency of cyber threats continue to rise, organizations must ensure that their security teams are equipped with the right tools — not just to detect issues, but to act quickly and effectively when incidents occur. A robust incident response solution is a critical component of any modern IT security strategy. Implementing comprehensive incident response software can help:

Facilitate structured, traceable communication across teams and stakeholders
Integrate seamlessly with your existing security software stack
Ensure fast and efficient response to limit damage and downtime

With staffing and integration challenges on the rise, the right solution doesn’t just add functionality — it reduces friction, enhances coordination, and strengthens your organization’s overall cyber resilience. Investing in incident response software that fits your environment and scales with your needs is a strategic step toward staying secure and responsive in 2025.

*About the Survey “OTRS Spotlight: Corporate Security 2024”

The data used is based on an online survey conducted by Pollfish Inc. on behalf of OTRS AG, in which 476 IT and cyber security professionals in the U.S., Germany, Brazil, Mexico, Australia and Malaysia participated between August 22 and September 17, 2024.

More results can be found in the infographics available for download here:

Jens Bothe

Jens Bothe is the Director Global Consulting for OTRS AG and is responsible for advising our customers. With his team, he ensures that customers in any industry can use OTRS optimally.

Security & Compliance

DORA: How cyber security works in the financial sector

Tobias Kortas — Fri, 17 Jan 2025 06:53:06 +0000

DORA: How cyber security works in the financial sector

2025-01-17
Tobias Kortas

Security & Compliance

Background

The DORA regulation means additional work for companies in the financial industry, but it is also an important opportunity. It’s a chance to increase their cyber resilience, respond effectively to incidents and achieve a consistently high level of security.

More and more incidents and sophisticated attacks make it necessary to establish effective protection and counter cyber threats more effectively.

You can find out more about the background to DORA here.

What is DORA?

The Digital Operational Resilience Act (DORA) is an EU regulation designed to strengthen digital resilience in financial companies and their infrastructures. DORA lays down uniform rules to ensure that the organizations are armed against cyber attacks and other IT-related risks.

The regulation bundles and harmonizes rules from other EU regulations and directives. It stipulates that comprehensive adoption of IT and risk management systems is required. It came into force on January 17, 2025.

What does DORA require?

The Digital Operational Resilience Act is intended to strengthen the digital resilience of the entire European financial sector.

Its main contents are as follows::

Risk Management: To identify, manage and monitor IT risks, financial companies need to implement robust systems and processes.
Reporting obligations: Companies must document and report IT disruptions and cyber attacks.
Third-party provider management: Strict rules apply for dealing with critical third-party providers of IT services, such as a critical ICT (information and communications technology) third party. Here, companies must establish information sharing arrangements and ICT third party risks must be evaluated.
Regular IT tests: To identify potential vulnerabilities, companies must regularly test their digital systems for weaknesses.
Uniform framework: There is harmonization of requirements within the EU to avoid fragmentation.

Who is affected by DORA?

As a European regulation, DORA primarily affects financial companies. It also includes:

Banks
Insurance companies
Investment companies
European securities and markets authority
European supervisory authorities
Payment service providers
Providers of critical ICT services

In addition, it includes supervisory authorities and regulatory bodies, such as the european insurance and occupational pensions authority. Even smaller financial players that may be indirectly affected by cyber risks and their service providers must comply with DORA standards. The regulation affects a broad target group and focuses on the overall interdependencies within the financial sector. IT disruptions affecting one particular player could have an impact on the entire sector. For this reason, all parties involved must be resilient to cyber risks.

What is the impact of DORA?

Broadly speaking, there are two possibilities: Either companies and organizations see DORA as a challenge or as an opportunity.

DORA as a Challenge

The regulation poses challenges, as it generally takes a long time to comply. With two years between its entry into force on January 17, 2023 and its application on January 17, 2025, this should be completed by now. Nevertheless, problems may arise. Financial companies must consistently ensure a high level of maturity in terms of cyber security and operational resilience. DORA leads to new requirements such as penetration tests (simulated hacker attacks) and other stricter security measures. In addition, companies and their service providers must precisely clarify and monitor mutual dependencies: For example, companies are responsible for ensuring that third-party providers and ICT third party service providers are resilient, particularly in the case of critical business processes. This only works if they work closely with IT service providers. In short, in order to do justice to DORA in the long term, companies have to invest a great deal of effort – and keep a close eye on the security of the systems they use.

DORA as an Opportunity

On the positive side, DORA will keep companies safer. After all, resilience is not only important, it is a key competitive advantage.

In other words, it never hurts to protect yourself comprehensively - especially when the threat level is constantly increasing.

Tobias Kortas

Critical attacks that not only threaten sensitive data but can also cause significant economic damage happen all too quickly.

Companies that already meet other regulatory requirements are generally better positioned to easily implement DORA than those who are not.

The following opportunities exist:

Improving resilience and security: By implementing the DORA regulation, companies effectively increase their cyber security and resilience against attacks. They experience a lower risk of IT outages, cyber attacks and other incidents. They keep themselves safe in the event of ICT related incidents too.
Harmonization and economies of scale: The EU-wide uniform framework enables companies operating across borders to optimize and standardize their processes. They benefit from fewer administrative hurdles and economies of scale.
Competitive advantages: A high level of digital resilience acts as a quality feature and trust factor for customers, partners or investors. Those who can cope well with possible attacks and outages stand out from the competition.
Holistic control: Third-party provider management enables companies to better understand their dependencies and take appropriate measures at an early stage to minimize any risks arising from external service providers.
Innovation incentives: As affected companies sometimes have to invest in new technologies and processes, they are given the opportunity to build an efficient and future-proof IT infrastructure.

The right software support gives organizations peace of mind, effectively helps them comply with all regulations and proves invaluable when actual incidents occur.

Tobias Kortas

Best Practices for Enhancing Cybersecurity

The Digital Operational Resilience Act is forcing affected companies to increase their own IT security. However, it also makes a lot of sense to invest in cyber security independently of a regulation . Doing so arms you against attacks and incidents. It also provides stability, a stronger competitive position and increased trust.

It is therefore worthwhile – even for companies outside of the financial sector – to comprehensively review their IT security, embrace digital operational resilience testing and make the associated investments.

The following best practices can help.

Best practice #1: Implement structured cyber defense

In an emergency, IT, security and management teams need to communicate with each other in a secure and structured manner. Predefined and proven processes save time and avoid errors. An adequate cyber defense solution not only provides everyone involved with a quick overview and automates workflows, but also promises absolutely secure encryption and extended compliance functions.

Best practice #2: Rely on suitable IT services

Commissioning external provision of IT services increases the scope for companies and therefore also their ability to react flexibly to security incidents. Good scalability, easy access to specialist knowledge, a lower workload and professional IT management are just some of the benefits. This is particularly important when working with a critical ICT third party.

Best Practice #3: Provide IT asset management

IT asset management describes the systematic management of IT assets – such as computers, software, networks and important information. By managing this centrally, information silos and risks can be avoided.

Best Practice #4: Create an incident response plan

With a sophisticated emergency plan, it is possible to respond quickly and appropriately to security incidents. Preparing for possible threats is crucial for a high level of cybersecurity. An Incident Response Plan (IPR) typically includes roles, responsibilities, escalation paths, communication protocols and technical steps to deal with security incidents.

Best Practice #5: Analyze and monitor threats

The best defense is to prevent a threat from emerging in the first place. It is therefore advisable to monitor networks for unauthorized activities and implement appropriate systems. Those who use threat intelligence to collect, analyze and disseminate data on threats can react quickly and neutralize them before they become acute.

Best Practice #6: Secure IoT devices

The Internet of Things (IoT) has become very important – and continues to expand. However, it also entails a number of security risks. To protect yourself as much as possible, standard passwords should not be used for the relevant devices and the software should be updated regularly. It is also advisable to deactivate unnecessary functions and services.

Best Practice #7: Work with ethical hackers

No one can thwart a successful hacker attack as well as hackers themselves. Using ethical hackers on your own systems is the best way to ensure the best possible level of security.

Essentially, there are two possible outcomes:

Ethical hackers do not find relevant vulnerabilities, which is an optimal reassurance that a system is secure.
Relevant vulnerabilities come to light so that the organizations concerned can eliminate them before an emergency occurs.

More practices

In addition, there are lots of other steps that can be taken by businesses seeking to keep their people, processes and tools safe, including:

Multi-factor authentication
Regular software updates
Regular review of access rights
Regular backups of critical data
Secure handling of emails

The Right Software Can Help

When it comes to cyber security, it’s all about having the right software, in two ways:

The software used must be secure and legally compliant.

Special security solutions are needed – especially in the DORA sector and for critical infrastructure (KRITIS) – in order to provide comprehensive protection and to be able to react quickly and appropriately to possible incidents.

How software solutions increase protection

Security and compliance are among the core requirements for software solutions. However, adequate protection is not a given. Compliance with the General Data Protection Regulation (GDPR), using secure servers in Europe, enabling comprehensive authentication and applying advanced security methods form a good standard.

Systems should also be audit-ready with uneditable documentation about mitigation activities. This can act as a means of having all action steps and communication published in the official journal. Systems should also be equipped with automated backups.

Overall, a strongly protected cloud solution without compliance risks, for example, can quickly put organizations on the right path. Those who rely on a professionally managed and comprehensively monitored solutions usually increase protection much more efficiently than through internal security measures. This creates a good basis for complying with regulations such as DORA and significantly minimizes the risk of attacks and incidents.

Why special cyber defense solutions are so important

There is no shortage of cyber risks or security vulnerabilities. Organizations need to be prepared for the worst, regardless of how secure their IT systems and security measures already are. The threat level is increasing and the DORA regulation clearly shows that a robust cyber defense solution is highly recommended.

This is not only about handling security incidents as effectively as possible and being able to communicate in a structured manner between the teams involved, but also about pushing security to the highest possible level – right up to meeting military standards.

Conclusion: See DORA as an opportunity

Regulations such as DORA cost organizations a lot of time, money and nerves. It is not always easy to comply with them in every respect. Regulations often do not have a positive connotation and many people doubt their usefulness.

Now, however, DORA brings together existing regulations and thus reduces the “regulatory madness” to which many organizations are exposed. In addition, the financial sector – including the areas that interact with it – has high security standards already. DORA is simply a good impetus for meeting these. In other words, the regulation is a challenge, but even more so an opportunity to implement steps that can be invaluable for practical reasons, given the high threat level.

In today’s business world, security and compliance depend heavily on the software solutions used. So making the right choices in this area, implementing comprehensive protection features and keeping everything up to date provides an excellent basis for consistently complying with regulations such as DORA.

Tobias Kortas

Security & Compliance

Data management: definition, benefits and best practices

Tobias Kortas — Mon, 24 Jun 2024 09:59:00 +0000

Data and information are now among the most important resources. The problem is that most companies don't even know what data they have or how to use it. Valid data helps teams understand target groups correctly and create the right messages for them. The more structured the data is, the more easily companies can use it. Data management, including its benefits and practical tips for companies, is the topic of this article.

How to Ensure Reliable Protection for Critical Infrastructure

Tobias Kortas — Wed, 20 Mar 2024 09:38:59 +0000

The critical infrastructure is in the spotlight – among security teams and politically. It must be protected from threats so that it is always available to people. This article looks at how this can be achieved.

Data governance – definition, advantages, tips, tools

Tobias Kortas — Fri, 15 Mar 2024 11:26:43 +0000

Nowadays, we experience an increasing flood of data. It is increasingly important for companies to figure out how to handle data: Who has control over it and what exactly is the best way to handle it? This article sheds light on what data governance is and how companies can best benefit from it.

ISO 27001 Certification

Bernd Maus — Fri, 08 Jul 2022 14:19:10 +0000

ISO 27001 certification signifies that a company or organization has established an ISMS that is in line with the international standard. Learn what you need to look out for and how to find the right ISMS solution to support certification efforts.

Cyber Resilience in Companies

Jens Bothe — Mon, 09 Aug 2021 07:30:26 +0000

Does your company have the capabilities to recover as quickly as possible in the event of a cyber attack? Read why your company should be brought back to normal as quickly as possible and damage from cyber attacks should be kept to a minimum.

About the right cyber security tool

Jens Bothe — Mon, 24 May 2021 07:30:34 +0000

Finding the right cyber security tool is not always easy. We have prepared a selection of tools and explain the differences.

Cyber security and Cyberattacks: Investments that pay off

Jens Bothe — Mon, 08 Mar 2021 08:30:47 +0000

The digitization of business is picking up speed. Find out why cyber security should not be neglected here.

Taking a Look at 2021

Christopher Kuhn — Tue, 22 Dec 2020 10:00:12 +0000

What trends will shape your IT organization or business in the upcoming year? Christopher Kuhn, COO OTRS Group, gives an outlook.

Security Incident Management Process – Planning and Implementation

Jens Bothe — Wed, 04 Nov 2020 10:00:25 +0000

How does an incident management process work? What has to be considered in case of an incident? And how can STORM help?

Buy Safely Online – With These Tips There Should Be No Unpleasant Surprises

Jens Bothe — Mon, 02 Nov 2020 10:00:20 +0000

More and more shopping takes place online. But it is also becoming less secure. What do buyers have to do to buy safely online?

Has the Public Sector Embraced Cloud-based SaaS?

Christopher Kuhn — Mon, 10 Feb 2020 10:00:28 +0000

The public sector has been slowly moving towards cloud-based SaaS solutions. Learn about steps providers take to address common questions.

How public authorities should deal with security risks

Jens Bothe — Mon, 27 Jan 2020 10:00:21 +0000

Tighter security measures apply to critical infrastructures. We provide recommendations for risk management.

CCPA Continues GDPR Trends

Christopher Kuhn — Mon, 13 Jan 2020 10:00:59 +0000

The CCPA went into effect on January 1, 2020. What will it mean to businesses?

Infrastructure Security Requires Team Work

Jens Bothe — Mon, 27 May 2019 08:00:26 +0000

Infrastructure security is a critical concern that requires coordinated attention by governments, businesses and individuals.

Cloud or no cloud – that is the question! OTRS offers both.

Christopher Kuhn — Mon, 04 Mar 2019 01:27:57 +0000

Asking whether or not the cloud is the best option for you? Consider this.

GDPR: Here come the fines…

Christopher Kuhn — Mon, 28 Jan 2019 15:08:49 +0000

The GDPR has been active since May 2018 and the first large fines have now been imposed.

IT Focus in 2019: What Are the Top Priorities for German and American CIOs?

Author OTRS — Mon, 14 Jan 2019 10:00:34 +0000

The differences between Germany and the USA are small, and one sector stands out the most.

Is Your Business Ready For Consumer-Driven Change?

Christopher Kuhn — Mon, 03 Dec 2018 10:00:33 +0000

With the introduction of the DSGVO more people are sensitized to what happens with their data.