IT Security Consulting

Cybersecurity doesn't have to be complicated
How threatened is Germany's cyberspace?

The IT security situation in Germany is very tense. Cyberattacks cause massive damage, costing German companies alone €179 billion, and reports to the BSI rose by 33% (726 reports). Ransomware is the biggest threat, with ransom payments rising sharply and global revenues of US$1.1 billion in 2023. SMEs and local authorities are particularly affected, with 72 local authorities and 1.7 million residents affected by successful attacks on IT service providers. The CrowdStrike incident (July 19, 2024) caused $5.4 billion in damage, solely due to a faulty update. (As of 2024)

The attack surface is broad: many Exchange servers and Android devices are vulnerable, and vulnerabilities are constantly increasing. Around 21,000 infected systems are reported every day. The top threats to society, the economy, and the state include identity theft, ransomware, and vulnerabilities in online servers.

These developments underscore the urgent need for comprehensive and adaptive security measures.


Many small and micro enterprises (SMEs) want to improve their IT security but don’t know where to start. Existing standards such as the BSI’s IT Baseline Protection Compendium or the ISO/IEC 27001 standard are often too complex and resource-intensive for companies with fewer than 50 employees.

With the new DIN SPEC 27076 consulting standard, companies with up to 50 employees can work with an IT security service provider to assess their IT security, identify vulnerabilities, and secure their business in a cost-effective manner.

As a qualified IT service provider for the German Federal Office for Information Security (BSI), we at ASTRAN are authorized to perform the CyberRiskCheck in accordance with DIN SPEC 27076.

Everyone is attacked, there are no exceptions!

IT security is a matter for top management!
NIS2 Consulting for Businesses

The NIS2 Directive significantly expands cybersecurity requirements in Europe and affects far more companies than the previous NIS regulation. For affected organizations, cybersecurity thus becomes a strategic management task—with clear obligations in the areas of risk management, incident reporting, governance, and supply chain security.

ASTRAN helps companies assess their exposure, identify necessary actions, and systematically integrate NIS2 requirements into their organization. In this way, regulatory pressure is transformed into a robust security and resilience strategy for practical implementation.

Understand NIS2. Implement requirements. Strengthen resilience.

With NIS2, the European Union is establishing a binding framework for a high common level of cybersecurity. The directive replaces the previous NIS Directive and significantly tightens the requirements for companies in critical and important sectors.
The focus is not only on technical protective measures, but also on clear responsibilities, robust processes, and greater involvement of senior management. This is precisely where our NIS2 consulting services come in.

Which companies are affected by NIS2?

NIS2 significantly expands the scope of application and covers a total of 18 sectors, including energy, transportation, healthcare, digital infrastructure, public administration, space, postal services, food production, and waste management. Classification depends on the sector to which an entity belongs, the criticality of the services provided, and certain size criteria such as the number of employees or revenue.
Companies must therefore assess at an early stage whether they are classified as essential or important entities. This classification significantly determines which requirements apply and the intensity of oversight and enforcement.

Key requirements of the NIS2 Directive

NIS2 requires companies to implement comprehensive cyber risk management. Risks must be systematically identified, assessed, and continuously monitored. This includes, among other things, access controls, encryption, security measures for networks and systems, backup and recovery strategies, incident response, business continuity, security policies, and employee training.
In addition, harmonized reporting requirements apply to security incidents. These include an initial report within 24 hours, a detailed report within 72 hours, and a final report within one month. To meet these requirements, companies need clearly defined processes, responsibilities, and robust escalation procedures.

NIS2 is a top priority

A key difference from previous regulatory approaches is that NIS2 explicitly embeds cybersecurity at the management level. Management bodies must approve security measures, monitor their implementation, and undergo regular training. This makes cybersecurity a governance responsibility with strategic relevance for the organization.
For companies, this means that information security must not remain isolated within IT. It must be integrated into decision-making processes, responsibilities, and overall corporate management.

Considering Supply Chain Security

NIS2 focuses not only on individual companies but also on security throughout the supply chain. Organizations must take into account risks associated with service providers and suppliers and incorporate security requirements into their collaborations.
Even companies that are not directly subject to NIS2 may be indirectly affected. In practice, this often results in contractual obligations, audit requirements, and documentation requirements vis-à-vis customers and partners.

What We Offer
Our Services in the Area of NIS2
The Benefits for You

With a structured NIS2 preparation process, you can gain clarity on your regulatory obligations and the specific areas where action is required. At the same time, you will strengthen your organizational resilience, improve your ability to respond to security incidents, and establish a solid foundation for sustainable information security.

Check your NIS2 exposure now

Would you like to know whether and to what extent your company is affected by NIS2? We can help you assess, prioritize, and implement the relevant requirements.

Let's work together to improve your company's IT security! Contact us—we will guide you competently.