27. jährlicher e-Crime & Cybersecurity Kongress Deutschland

From cybersecurity to national security

18th June 2026 • The Westin Grand Munich

A race against time: Getting in front of the Al security problem — as much as it may seem like hype, Al adoption by business and the bad guys is a reality, and securing it is the biggest CISO challenge yet.

 

Securing Al in the business, understanding Al as a threat vector, unwrapping Al in security tooling

The Bundesverband Digitale Wirtschaft {BVDW), Germany's digital economy association, recently released a detailed framework addressing ethical implementation of Al agent systems as the technology approaches mainstream adoption across marketing and business operations. The 25-page whitepaper arrives amid stark public resistance to autonomous Al, with BVDW-commissioned surveys revealing only 25% of Germans express willingness to delegate tasks to Al agents. 

Businesses are taking a different view. According to a recent survey of 2,250 IT and cyber decision makers across 21 countries, 81% of global businesses are already using Al-driven tools as part of their cybersecurity strategy. This figure is even higher in the UK: 86% of businesses have incorporated Al. 

The survey underscores that Al and automation are considered top priorities for improving cybersecurity over the next 12 months by 42% of organisations surveyed. 

Companies see Al as a critical tool for staying ahead of threats and managing increasingly complex digital environments. However, 94% of global businesses believe that Al will negatively affect their cyber risk exposure within the next three to five years. In the UK, 66% of businesses surveyed are concerned that Al-driven attacks will increase significantly in both complexity and scale during this period. 

Every sector is affected. Some, like retail innovate so fast to keep up with customers that they already have agentic and other Al across everything from inventory management to their e­commerce offerings. Others are moving more slowly. But as Boards demand the productivity and efficiency gains being promised by Al providers, pushing back against widespread Al deployment is difficult. Accenture has just announced that promotions will be linked to the frequency with which staff login to and use Al tools! 

Securing this Al sprawl is critical. Ensuring data integrity becomes even more critical as it feeds into business-essential Al processes. 

Organisations also need to defend against Al which is already acting as a force multiplier, enabling threat actors to execute, automate, and scale complex attacks with unprecedented speed, reducing the need for high-level human expertise. These attacks use generative Al to create tailored malware, conduct highly convincing social engineering, and autonomously map, simulate, and exploit network vulnerabilities in real time. 

And what about the Al being deployed by your security vendors? Is it a new attack surface? Do you understand what they are doing? Do they? 

All these topics, as well as the bread-and-butter issues, will be discussed at our latest e­Crime & Cybersecurity Congress. If you want access to the best insights, the most thought­ provoking presentations, and the most senior and sophisticated network, it's must-attend. 

 

The e-Crime & Cybersecurity Congress Germany will look at how security teams and the business must change their security model to secure Al systems and defend against Al-enabled attackers. Join our real-life case studies and in-depth technical sessions from the most sophisticated teams in the market. 

 

Achieving visibility across ecosystems 
From exposed initial access points, to complex IT/OT environments to roaming Al agents and other non­human machine identities, simply understanding your device and application landscape is a huge challenge. Can you help with asset tracking and endpoint visibility? And what about anomaly detection after that? 

Data integrity a critical priority 
In Al-powered business, corrupted data equals corrupted decisions. Pricing engines, demand forecasts and recommendation systems are only as trustworthy as their inputs. CISOs must prioritise data lineage tracking, tamper detection, pipeline validation and cryptographic integrity controls across analytics and Al workflows.

Defending against the latest ransomware variants 
Ransomware is effective precisely because it can exploit whatever weaknesses exist in your security architecture and processes. The threat and the actors are constantly evolving and that evolution is forcing the hands of government and causing havoc in the insurance market. What can CISOs do to better defend against ransomware? 

Securing Agentic Al 
Agentic systems don't just generate content - they act. CISOs must address model manipulation, prompt injection, data poisoning, tool-chain abuse and privilege escalation within Al agents executing transactions. Governance must extend beyond ML pipelines into runtime controls, behavioural monitoring and kill-switch design.

Why zero trust, isolation and segmentation are key 
Business ecosystems now include logistics APls, fintech integrations, marketplace sellers, social­commerce platforms and Saas pricing engines. Each connection expands attack surface. Continuous third-party risk scoring, API security testing, software bill of materials (SBOM) validation and zero-trust segmentation become foundational, not optional. 

From Analysts to Al Supervisors 
Security teams cannot scale headcount at the pace of digital transformation. The future SOC blends automation engineers, detection scientists and Al risk specialists. Peer collaboration, shared intelligence and trusted industry forums become force multipliers in defending fast-moving retail environments. 

Making the best use of threat intelligence 
In a preemptive security model, timing is everything - success depends on detecting and neutralizing threats before they become active incidents. To do this, security operations can't just rely on internal telemetry (e.g., endpoint or network logs). They need external, real-time context about emerging threats - where do they get it? 

Security Posture Management 
Traditional vulnerability scanners don't handle cloud native architectures well. Today's cloud environments spin up thousands 
of ephemeral assets without a traditional OS, without an IP address for long. So how do you adapt to that dynamic, APl-driven reality? How can traditional tools connect the dots - not just generate tickets? 

Improving continuous attack surface discovery 
You need to know what attackers can see and what they can actually attack -and you need it on a continuous basis, not in some static inventory. Ideally you also need assets ranked by risk priority and put into the current threat and vulnerability context. Is this feasible and is it cost effective? 

The power of automation 
There's too much manual intervention in security. SOAR pulls data from SIEMs, EDRs, firewalls, cloud APls, ticketing systems threat intelligence feeds, and even email servers and coordinates actions across tools via APls and prebuilt integrations and intelligent playbooks. Well, that's the theory. How does it work in the real world? 

Adversary simulation and behavioural analysis 
Automated adversary simulation identifies telemetry blind spots. They provide prioritized remediation guidance and control effectiveness metrics. They track progress trends and validate security ROls as well as providing board and audit reporting. How well do they work in practice? 

Dealing with regulations 
CISOs now must build a single coherent security program that simultaneously satisfies divergent regulatory demands; they must interpret vague legal standards into technical architectures, and they risk non-compliance if auditors, regulators, or courts interpret differently later; they face unrealistic expectations around incident reporting; and they face personal liability. Can RegTech help? 

Details zur letzten Veranstaltung finden Sie hier

  • Sichtbarkeit über Ökosysteme hinweg erreichen

    • Von exponierten ersten Zugangspunkten wie Lagerverwaltungssystemen bis hin zu komplexer Maschinensteuerungssoftware ist es eine enorme Herausforderung, einfach nur Ihre Geräte- und Anwendungslandschaft, deren Verbindungen und Datenflüsse sowie Abhängigkeiten zu verstehen. 
    • Können Sie bei der Nachverfolgung von Assets und der Sichtbarkeit von Endpunkten helfen? Und wie sieht es danach mit der Erkennung von Anomalien aus?

  • Data integrity a critical priority

    • In Al-powered retail, corrupted data equals corrupted decisions. 
    • Pricing engines, demand forecasts and recommendation systems are only as trustworthy as their inputs. 
    • CISOs must prioritise data lineage tracking, tamper detection, pipeline validation and cryptographic integrity controls across analytics and Al workflows.

  • Abwehr der neuesten Ransomware-Varianten

    • Ransomware ist gerade deshalb so effektiv, weil sie alle Schwachstellen in Ihrer Sicherheitsarchitektur und Ihren Sicherheitsprozessen ausnutzen kann. 
    • Die Bedrohung und die Akteure entwickeln sich ständig weiter, und diese Entwicklung zwingt die Regierungen zum Handeln und sorgt für Chaos auf dem Versicherungsmarkt. 
    • Was können CISOs tun, um sich besser gegen Ransomware zu schützen?

  • Securing Agentic Al

    • Agentic systems don't just generate content - they act. 
    • CISOs must address model manipulation, prompt injection, data poisoning, tool-chain abuse and privilege escalation within Al agents executing transactions. 
    • Governance must extend beyond ML pipelines into runtime controls, behavioural monitoring and kill-switch design.

  • Warum Zero Trust, Isolation und Segmentierung entscheidend sind

    • Bei den jüngsten Angriffen hat sich ein Wandel weg vom Datendiebstahl vollzogen – nun geht es den Angreifern darum, den gesamten Betrieb zu stören. 
    • Es ist daher von entscheidender Bedeutung, dass Geschäftsfunktionen voneinander getrennt und der Internetzugang zu OT-Netzwerken eingeschränkt werden. 
    • Können Sicherheitsteams mit raffinierten Angreifern Schritt halten?

  • From Analysts to Al Supervisors

    • Retail security teams cannot scale headcount at the pace of digital transformation. 
    • The future SOC blends automation engineers, detection scientists and Al risk specialists. 
    • Peer collaboration, shared intelligence and trusted industry forums become force multipliers in defending fast-moving retail environments. 

  • Optimale Nutzung von Bedrohungsinformationen

    • In einem präventiven Sicherheitsmodell ist das Timing entscheidend – der Erfolg hängt davon ab, dass Bedrohungen erkannt und neutralisiert werden, bevor sie zu aktiven Vorfällen werden. 
    • Dazu können sich Sicherheitsabteilungen nicht nur auf interne Telemetriedaten (z. B. Endpunkt- oder Netzwerkprotokolle) verlassen. 
    • Sie benötigen externe Echtzeit-Informationen über neue Bedrohungen – woher bekommen sie diese?

  • Sicherheitsstatusverwaltung

    • Herkömmliche Schwachstellenscanner sind für Cloud-native Architekturen nicht gut geeignet. 
    • In heutigen Cloud-Umgebungen werden Tausende von kurzlebigen Assets ohne herkömmliches Betriebssystem und ohne IP-Adresse für längere Zeit bereitgestellt. 
    • Wie können Sie sich also an diese dynamische, API-gesteuerte Realität anpassen? 
    • Wie können herkömmliche Tools die Lücken schließen – und nicht nur Tickets generieren?

  • Verbesserung der kontinuierlichen Erkennung von Angriffsflächen

    • Sie müssen wissen, was Angreifer sehen und was sie tatsächlich angreifen können – und zwar kontinuierlich, nicht nur anhand einer statischen Bestandsaufnahme. 
    • Idealerweise benötigen Sie auch eine nach Risikopriorität geordnete Einstufung der Assets, die in den aktuellen Kontext von Bedrohungen und Schwachstellen eingebettet ist. 
    • Ist dies machbar und kosteneffizient?

  • Die Leistungsfähigkeit der Automatisierung

    • Im Bereich Sicherheit gibt es zu viele manuelle Eingriffe. SOAR bezieht Daten aus SIEMs, EDRs, Firewalls, Cloud-APIs, Ticketingsystemen, Threat-Intelligence-Feeds und sogar E-Mail-Servern.
    • Außerdem koordiniert es Maßnahmen über Tools hinweg mithilfe von APIs, vorgefertigten Integrationen und intelligenten Playbooks.
    • So sieht es zumindest in der Theorie aus. Wie funktioniert es in der Praxis?

  • Gegner-Simulation und Verhaltensanalyse

    • Die automatisierte Gegner-Simulation identifiziert Telemetrie-Blindspots. 
    • Sie liefert priorisierte Abhilfemaßnahmen und Kennzahlen zur Wirksamkeit der Kontrollen. 
    • Sie verfolgt Fortschrittsentwicklungen, validiert Sicherheits-ROIs und erstellt Berichte für den Vorstand und die Revision. 
    • Wie gut funktionieren sie in der Praxis?

  • Umgang mit Vorschriften

    • CISOs müssen nun ein einheitliches Sicherheitsprogramm entwickeln, das gleichzeitig unterschiedliche regulatorische Anforderungen erfüllt. Sie müssen vage gesetzliche Standards in technische Architekturen umsetzen und riskieren bei einer späteren abweichenden Auslegung durch Prüfer, Aufsichtsbehörden oder Gerichte Verstöße gegen Vorschriften. Sie sehen sich mit unrealistischen Erwartungen hinsichtlich der Meldung von Vorfällen konfrontiert und tragen persönliche Haftung. 
    • Kann RegTech hier Abhilfe schaffen?

Wer nimmt teil

Jobtitel

Chief BISO
Chief Information Security Officer
Chief Information Security Officer
Chief Information Security Officer
Chief Security & Privacy Officer
CISO
CISO/CTO
Director
Director Cyber Defense & CERT
Director Data Privacy
Director Security Risk & Compliance
Director Global Security Investigations
Director Information Security
Director, CRISC
Head of Security & Governance
Head of Compliance
Head of Corporate Data Protection
Head of Cyber
Head of Cyber Security
Head of Cyber Threat Response
Manager Information Security
Head of I.T.
Head of I.T. Security
Head of Information Security
Head of Information Security
Head of Internal Audit
Head of IT / Operations
Head of IT Security
Head of IT-Security
Head of Legal Data Privacy
Head of Penetration Testing
Head of I.T. Security
Head of Security
Head of Security Management
Head PCI Compliance
VP Cyber Security & Defence
Vice President, Threat Intelligence
VP Credit & Fraud
VP Crisis & Emergency Management
ASIC Operations
BISO
Cards Security Manager
CERT
COO Data Protection Programme
Corporate Audit
Head of Methods, Projects, IT
Corporate Security Awareness Manager
Counsel, Privacy & Information Law
Country Security Officer
CTO Security & Risk
CTSO
Fraud & Risk Manager
GAMA Business Task Force
Global Head of Data Protection
Global IT - Information Security
Global IT Manager
Group Data Protection Commissioner
Group Information Security Officer
Group Lead Active Defense Center
Information Security Manager
Information Security Manager
Information Security Manager
Information Security Manager
Information Security Manager
IT Security Manager
IT Security Manager
IT Security Research Engineer
Global IT Security & Compliance
Global IT Security & Compliance
IT Spezialist, WAN und Zugang
ITM Global Information Security
Lawyer
Lawyer
Leiter Informationssicherheit CISO
Leiter Unternehmenssicherheit
Local Data Security Officer
Manager Compliance
Manager Fraud Prevention
Operational Security Officer
Partner
Partner
IT Infrastructure Vice President
Security Fraud Manager
Security Manager
Security Manager, CISSP
Senior Alliance & BD Manager
Senior Manager Internal Audit
Senior Enterprise Security Manager
Senior I.T. Auditor
Senior Information Security Manager
Senior Information Security Manager
Senior Internal Auditor
Senior IT Auditor
Senior Manager
Senior Manager, Products & Innovation
Senior Project Manager (Infocontrol)
Senior Ref NGN
Senior Researcher
Senior Risk Manager
Senior Security Consultant
Senior Security Expert
Senior Security Product Manager
Senior Security Professional
Senior Security Specialist
Senior Security Specialist
Cyber Crime Investigations
Service & Contract Manager
Software Development Engineer
Specialist Security
SR IT Security Consultant
I.T. Security & Compliance Manager
System Analyst
Systemadministrator / CISO
GAMA Business Task Force
Team manager IT Security Operations
Teamleader I.T. Infrastructure
TORM & Financial Crime

Firmen

Deutsche Bank Group
Deutsche Post
GE Capital
NYSE Euronext
Vodafone
Merck & Co
Audi
Deutsche Bank Group
Deutsche Telekom
First Data Merchant Solutions
First Data Merchant Solutions
American Express
Tech Data
SAP
BT
Allianz
Otto Group
Marsh
Airbus
Deutsche Bank Group
Daimler
Hengeler Mueller
Commerzbank
Eurostar
Quipu
Nintendo
Triodos Bank
Wirecard Bank
Lanxess AG
Siemens
Deutsche Telekom
Federal Office for Information Security
Commerzbank
Bank Verlag
Six-Group
Atos
Citigroup
Elavon Merchant Services
Deutsche Telekom
Allianz
Citigroup
BP
Commerzbank
UBS
MAN SE
BMW
Vodafone
Field Fisher Waterhouse LLP
Vattenfall AB
Deutsche Bank Group
Vodafone
Sofort
Deutsche Bank Group
Allianz
Adidas
Adidas
Deutsche Lufthansa
Citigroup
Commerzbank
KfW Bankengruppe
DZ Bank
Oce
Teradata
AXA
Deutsche Bundesbank
KfW Bankengruppe
Airbus
Adidas
E.ON
BMW
Daimler
Postbank P.O.S. Transact
Osborne Clarke
RWE Group
DZ Bank
Robert Bosch
Adidas
DZ Bank
E.ON
Osborne Clarke
Baker & McKenzie LLP
Deutsche Bank Group
Q8 Kuwait Petroleum
Siemens
Vodafone
Research in Motion
Nintendo
Adidas
Commerzbank
Deutsche Post
DHL
Mondi
DHL
ThyssenKrupp AG
Deutsche Telekom
BP
Deutsche Telekom
UBS
Postbank P.O.S. Transact
BT
Deutsche Telekom
Research in Motion
Triodos Bank
Deutsche Post
Tech Data
American Express
COLT Technology Services
Nintendo
COLT Technology Services
Deutsche Bank Group
Deutsche Post
Citigroup
BNP Paribas
Deutsche Bank Group
Deutsche Bundesbank
SCOR
Santander

Industrien

Banking
Kommunikation
Elektronik
Finanzen
Telekommunikation
Andere
Automobil
Telekommunikation
Technologie
Lebensversicherung
Herstellung
Automatische Herstellung
Anwaltskanzlei
Transport
Unterhaltung
Immobilien
Regierung
Energie
Verbraucherprodukte


Veranstaltungsort

The Westin Grand Munich

Location:

The Westin Grand Munich

Arabellastrasse 6,
Munich, Germany, 81925

Phone number: +49 89-92640

Directions:

Please click here