Insights & Analysis

Know before it becomes relevant.

In-depth analysis on cyber governance, regulatory developments and the real threat landscape – for decision-makers, not technicians.

Supply Chain

The Blind Spot: Why Your Suppliers Are Your Biggest Risk

More than 80% of all successful cyber attacks use third parties as entry points. We show how real risk assessment works instead of questionnaires.

May 2025, 7 min.

NIS2 & DORA

DORA for Financial Services: An Overview of Operational Implications

DORA has been mandatory since January 2025. What does this mean for IT risk management, incident reporting, and critical system resilience?

April 2025, 9 min.

Executive Briefing

The Executive Cyber Risk Briefing: What Boards Really Should Be Asking

The right questions in the boardroom can make the difference between reactive and proactive risk management. We provide the question catalog.

April 2025, 5 min.

Threat Analysis

Credential Theft: When Stolen Access Goes Undetected for Months

Compromised credentials often circulate on the dark web for a long time before being used. How to find out if your employee credentials are already being traded.

March 2025, 6 min.

Governance & Law

Cyber Risk Insurability: What Insurers Really Demand Today

Cyber insurance is getting stricter. What evidence and documentation insurers require from companies in 2025 – and how to prepare.

March 2025, 7 min.

Supply Chain

Software Supply Chain Security: Learning from SolarWinds

Supply chain attacks have reached a new level. What companies can learn from the biggest cases and which measures protect effectively.

February 2025, 10 min.

Executive Briefing

Cyber Resilience vs. Cyber Security: An Important Distinction for Executives

Many companies confuse security with resilience. We explain the difference – and why it is crucial for your governance strategy.

February 2025, 5 min.

Governance & Law

Supervisory Board Duties in Cybersecurity: What Must Really Be Documented

NIS2 and DORA dramatically increase requirements for supervisory boards. What documentation obligations exist and how to structurally reduce liability risks.

January 2025, 6 min.

Threat Analysis

Phishing-as-a-Service: How Professional Attack Services Abuse Your Brand Name

Criminals offer phishing infrastructure as a service. How your brand becomes a weapon against your customers – and what you can do about it.

January 2025, 7 min.

NIS2 & DORA

NIS2 in Austria: What Companies Must Concretely Implement

Austria has transposed NIS2 into national law. Which companies are affected, what must be implemented by when, and how to succeed in practice.

December 2024, 8 min.

Supply Chain

Third Party Risk Management: Why Questionnaires Provide No Security

Vendor questionnaires are the standard – but not the solution. What alternatives exist and what technically sound TPRM looks like.

December 2024, 7 min.

Threat Analysis

Darknet Monitoring: What Circulates, What Endangers – and What to Do

Corporate data, credentials, and attack plans are traded on the darknet daily. How systematic monitoring works and what it concretely achieves.

November 2024, 7 min.

Executive Briefing

The CISO as Lone Fighter: Why External Support Makes Strategic Sense

CISOs face growing pressure from regulation, the threat landscape, and resource scarcity. How external expertise strengthens the internal security function.

November 2024, 5 min.
