28 February 2026

Cyber Warfare 2026: When States Arm Themselves Digitally

State-sponsored cyberattacks are no longer science fiction – they’re everyday reality. From Russia’s Sandworm to China’s Volt Typhoon: the threat landscape for European businesses has intensified dramatically in 2025/2026. Here’s how cyber warfare differs from traditional cybercrime and how companies can protect themselves.

TL;DR

  • Cyberattacks on critical infrastructure in Europe rose by 38 percent year-on-year, according to ENISA
  • State-backed actors such as Sandworm (Russia) and Volt Typhoon (China) operate with budgets comparable to those of medium-sized enterprises
  • German KRITIS operators, defense suppliers, and research institutions are particularly targeted
  • Conventional IT security strategies are insufficient against state-level attackers – Assume Breach and Threat Intelligence have become mandatory

The New Dimension of War

2025 marked a turning point: cyberattacks on critical infrastructure in Europe surged by 38 percent compared to the previous year, ENISA reports. The attackers are no lone wolves – they are state-funded groups with budgets rivaling those of mid-sized companies.

Russia’s Sandworm group, officially known as Unit 74455 of the GRU, has repeatedly targeted European energy providers and telecommunications companies since the start of the Ukraine conflict. At the same time, China’s Volt Typhoon campaign has demonstrated that even Western military infrastructure remains vulnerable.

How Cyber Warfare Differs from Traditional Cybercrime

The crucial difference lies in motivation and resources. While ransomware groups are financially driven, state actors pursue strategic objectives:

  • Sabotage: Destruction or manipulation of critical systems (energy, water, healthcare)
  • Espionage: Long-term infiltration of networks for intelligence gathering – often undetected for years
  • Preparation: Placing backdoors in systems for later use in an emergency, known as prepositioning
  • Destabilization: Combining cyberattacks with disinformation campaigns

The Threat Landscape for German Companies

German businesses are especially in the crosshairs. Since 2024, the BSI (Federal Office for Information Security) has classified the threat level as alarmingly high. Particularly affected are:

KRITIS operators – Energy providers, water utilities, and hospitals are primary targets. The January 2026 attack on a mid-sized German municipal utility revealed that attackers had gained access months earlier and were simply waiting for the optimal moment to strike.

Defense industry suppliers – Supply-chain attacks via smaller subcontractors are the preferred method for reaching larger targets. A mid-sized company with 200 employees can become the entry point for attacks on the Bundeswehr or NATO partners.

Research institutions – Universities and Fraunhofer Institutes report systematic attempts to breach their research databases, especially in fields such as AI, quantum computing, and materials science.

Fact: In 2025, the BSI recorded over 15,000 reported security incidents among KRITIS operators – an increase of 42 percent compared to 2024.

Fact: The average dwell time of state actors within compromised networks is 287 days – nearly ten months undetected.

What Companies Must Do Now

Traditional IT security strategies are inadequate against state-sponsored attackers. Recommended actions:

  1. Use Threat Intelligence: Actively integrate BSI alerts, CERT-Bund, and sector-specific ISACs
  2. Adopt an Assume Breach mindset: Operate under the assumption that attackers are already inside your network. Prioritize detection and response
  3. Treat OT security separately: Industrial control systems (ICS/SCADA) require dedicated protection strategies
  4. Develop emergency plans for cyber warfare scenarios: What happens if the internet and cloud services fail simultaneously?
  5. Use NIS2 as a baseline: The EU directive sets the minimum standard – but KRITIS operators need more

Conclusion

Cyber warfare is not just a concern for military strategists – it affects every company with digital infrastructure. The question is no longer if but when an organization will come under attack. Companies that fail to invest in resilience now risk more than data loss: they risk losing their operational capability.

Key Facts

KRITIS attacks: Cyberattacks on critical infrastructure in Europe increased by 38 percent.

BSI reports: The BSI detected over 250,000 new malware variants daily in 2024/2025.

Frequently Asked Questions

How does cyber warfare differ from regular cybercrime?

Traditional cybercrime is financially motivated – ransomware, fraud, selling stolen data. Cyber warfare pursues strategic goals: sabotage of critical infrastructure, espionage, political destabilization. State actors possess far greater resources, patience, and expertise than criminal groups.

Are small and medium-sized enterprises affected by cyber warfare?

Yes, especially as entry points. Supply-chain attacks deliberately target smaller suppliers to gain access to larger entities through network connections. An SME in the supply chain of a KRITIS operator or defense contractor is an attractive target.

What measures are top priority?

Adopting an Assume Breach mindset, active Threat Intelligence (BSI, CERT-Bund, sector-specific ISACs), network segmentation, and tested emergency plans. NIS2 requirements provide a solid baseline but are insufficient for particularly exposed organizations.

Header Image Source: Mike Bird / Pexels

Tobias Massow

A magazine by Evernine Media GmbH