International political changes are causing uncertainty in the global economy. The cybersecurity sector is also affected. Europe is repositioning itself, with the goal of achieving digital sovereignty.
Tariffs and trade barriers are increasingly drawing attention to the dependence on transatlantic IT service providers and security vendors – a circumstance that concerns many companies. In this context, implementing cybersecurity is becoming particularly challenging. Digital sovereignty is seen as the key to a solution, yet despite numerous innovative approaches, its realization remains complex.
“We are currently experiencing strong momentum in favor of Europe,” said event director Thimo Holst at the opening of this year’s it-sa Expo&Congress. Trade conflicts and tariffs are unsettling companies, and they are reacting with growing concern. Even international IT giants such as Samsung are affected: customers are worried about dependencies on products and components. “Large corporations now want written confirmation of where Samsung manufactures and where our suppliers are based,” says Tuncay Sandikci, who is responsible for the business customer segment in Germany at Samsung. “Since April we have seen growing interest in this,” he adds, when the issue of tariffs came up in the United States. Inquiries have also increased regarding where the servers for the Knox Suite – Samsung’s enterprise solution for securing mobile devices – are located. Customers are reassured to learn that these are located in South Korea or, for Europe, in Dublin, Ireland. However, some companies are demanding more: “Individual customers with high security requirements want to operate the Knox platform on-premises,” Sandikci adds. This can also be arranged.
Top topic: digital sovereignty
Dependencies on transatlantic IT providers are giving many companies cause for concern. The trigger is changes in U.S. policy and the debate about tariffs and trade barriers. The United States is considered a market leader in technologies such as cloud computing and artificial intelligence, while China also plays a pioneering role. Reducing dependence on these countries for key IT technologies is the aim of the widely discussed concept of digital sovereignty. At this year’s it-sa Expo&Congress, this was the overarching topic. However, it is by no means understood as autarky. International cooperation remains important. Nevertheless, greater independence, especially from market-leading monopolists, could make the economy less vulnerable to disruption from external factors. Yet Europe is not only dependent on U.S. technologies in cloud computing or artificial intelligence. This dependence extends across wide areas of IT, and the cybersecurity sector in particular shows a strong dominance of U.S. providers. “We estimate that currently around 70 percent of the market is covered by non-European providers,” reported Joanna Swiatkowska in an interview during the trade fair. She is head of the European Cyber Security Organisation (ECSO), which seeks to promote cooperation between public and private actors in cybersecurity. Around 50 percent of all acquisitions and mergers of European security providers are carried out by companies outside Europe, she emphasized at the press conference. A prominent example is the acquisition of the German email security specialist Hornetsecurity from Hanover by the U.S. company Proofpoint earlier this year. Even when European security firms offer alternatives, they often rely on U.S.-based cloud services in the background. The increasing use of AI across virtually all areas and products in cybersecurity further intensifies this dependency. “Moreover, the growing technological decoupling between China and the United States is forcing companies and countries more and more to choose one side,” fears Swiss security researcher Jean-Marc Rickli, who delivered this year’s special keynote at the trade fair.
These international developments are increasingly coming into focus for companies. According to a survey conducted by Slovak security provider ESET, 44 percent of the companies surveyed are therefore considering switching their IT security provider. Seventy-five percent of them would prefer European providers. “In sensitive sectors such as healthcare, as many as 82 percent of companies are planning to switch to an EU provider,” the study states.
The 11-billion-euro market
The economic implications should not be underestimated, as in Germany alone the market volume amounts to 11 billion euros according to Bitkom figures. Swiatkowska notes: “The cybersecurity sector is a market segment that offers strong growth potential.” Bitkom President Ralf Wintergerst supported this assessment with current-year figures at the press conference: “The German cybersecurity market is growing by ten percent, while the entire German IT market is growing by only five percent.” Nevertheless, the share of German products on the global market is below five percent, Wintergerst criticizes. It is therefore crucial to raise awareness of European products and promote a “Buy European” mindset, demands Swiatkowska. EU products should be more strongly considered in procurement processes.
Options are available: “There are areas in which European solutions exist and are competitive,” notes Maik Wetzel, referring to his employer ESET, where he is responsible for strategic business development in the DACH region. With regard to cloud connectivity, ESET customers have alternatives, as the products can also be operated on-premises or in hybrid environments. “In addition, customers can already choose the cloud location, for example Germany,” Wetzel adds. Offering a brief look behind the scenes, he notes that ESET is currently working to build cooperation with other European providers in order to create synergies for complete solutions. ESET has already joined such an alliance, the Technology Alliance Program (TAP), as have many others. At the it-sa Expo&Congress, exhibitors are looking for further opportunities: “We also use the trade fair to hold meetings with providers to see where cooperation is possible,” explains Wetzel. The German industrial security specialist Asvin may also be interested in such partnerships. “The topic of digital sovereignty is a major concern for our customers,” emphasizes Mirko Ross, security expert and CEO at Asvin. However, he cautions: “The economy alone will not be able to regulate this.” Ross adds: “The large monopolists in the United States grew massively through government procurement and contracts.”
No quick solution in sight
Wintergerst has also noticed changes in how competitors interact: “German providers talk much more with one another than they used to,” he observes. At the same time, he warns against excessive expectations: “We will not be able to replace American products within the next one to two years; that would be completely unrealistic,” he is convinced. After all, the status quo did not arise overnight but is the result of decades of development. Many U.S. companies are market leaders for a reason – “they simply have good solutions,” says Wintergerst. These solutions have often become an integral part of established business processes and cannot simply be replaced. This view is shared by Claudia Plattner, President of the Federal Office for Information Security (BSI). At the press conference, she called for a “dual strategy: developing new technologies in Germany and making foreign ones secure for us.”
