Cybersecurity in focus at XPONENTIAL Europe

Wolfgang Straßer estimates that more than 300,000 variants of malware are released worldwide every day. He is a security expert and advises leading international industrial companies, government agencies and intelligence services on how to avert and better prevent cyberattacks, espionage, data leaks and digital extortion. 

Cyber resilience will be a key topic at XPONENTIAL Europe, which will take place in Düsseldorf from 24 to 26 March 2026. This is because autonomous systems – whether they fly, drive or swim – must be optimally protected against attacks in order to prevent damage and malfunctions. 

We spoke with Straßer, founder and owner of @-yet and @yet-Industrial IT-Security about where he sees opportunities for standardising security solutions and what role the use of AI plays in this. 

Mr Straßer, you deal with criminal acts committed by hackers on a daily basis and help your customers to avert or limit damage. In your experience, what motivates hackers to attack?
In general, the motivation can be divided into three main categories:

First, there are financial interests. This always boils down to extortion through ransomware, i.e. malware that is used to steal or encrypt data.

The second major area is data theft, often in conjunction with a ransomware attack. Here, the focus is on industrial espionage. State actors are increasingly involved in espionage. We are not the only ones observing ever-increasing activity from Russia and China.

The third major area is sabotage. This mainly affects companies and organisations that are part of critical infrastructure. This area is primarily associated with hybrid warfare, which has been experiencing an enormous upswing since the beginning of the war in Ukraine.

You have been an expert in cybersecurity for decades. How have data security requirements changed in recent years?
Both the attackers and the attack scenarios are becoming increasingly complex and professional. In the past, cyberattacks were sporadic and more random events carried out by individuals or small groups. Today, highly professional, highly organised and, in some cases, state-supported groups are at work, operating like highly efficient companies – including distributed roles, responsibilities and specialist departments. One 'department' searches for vulnerabilities, the next writes malware to exploit them, and the third carries out the attacks. There is actually a market where security vulnerabilities and services are traded.

In addition, systems were not as interconnected in the past. This has changed fundamentally in the age of automated, highly integrated and cross-departmental processes and web-based services. The Internet of Things is also becoming increasingly prevalent. PCs, televisions, smartphones, wristwatches and even kitchen appliances are now connected to the internet. Each of these devices can become a potential gateway.

Today, companies must invest not only because of the massive increase in risk, but also because of increasing legal requirements. The GDPR, for example, requires companies to implement extensive security measures. On the one hand, of course, to protect data from unauthorised access. On the other hand, however, also to avoid the enormous fines that threaten in the event of data protection violations. And what many managers in companies are not aware of is that they are also responsible for the data security of third parties. When data is stored in the cloud, the owners of the data are obliged to regularly check the security measures taken by the cloud provider.

Another major problem for data security is the rapid development of artificial intelligence. This starts with the entry of personal data into a chatbot, which in itself is a violation of the GDPR. But malware developers are also using this technology, which is leading to an enormous acceleration in development processes. Today alone, we have over 300,000 new variants of malware every day. And we can see very clearly every day that the pace is increasing.

XPONENTIAL Europe showcases autonomous systems and the components required for them. Many of these autonomous systems – whether they fly, drive or swim – are now also programmed or controlled by AI. How important are cybersecurity measures in this context?
It is important and right that XPONENTIAL Europe, as the leading trade fair for autonomous systems, has cybersecurity at the top of its agenda. Security will play a huge role in autonomous mobility, especially in cities. The number of interfaces and signals required to control mobility is enormous and cannot be managed without AI.

However, the issue of security must also be considered in the context of the Cyber Resilience Act. This EU regulation has been in force since 2024 and obliges manufacturers and importers of – as it is so nicely put – products with digital elements to comply with minimum standards for cybersecurity. It does not matter whether it is hardware or software. By December 2027 at the latest, all companies must comply with these requirements . The security of digital systems is therefore not a "nice to have". It is an obligation.

As far as AI is concerned, the EU has also taken action here and created a legal framework with the AI Regulation that governs the development and operation of AI systems. This regulation specifies very precisely what is and is not permitted with artificial intelligence.

It is important that these two regulations are complied with and that compliance is strictly monitored. Autonomous systems must be reliable and secure, especially in areas where human lives or civil rights are at stake. 

In addition to your role as managing director, you are also a member of the executive committee of the German-Israeli Business Association (D-I-W), responsible for cyber/cybersecurity/resilience and North Rhine-Westphalia. The geopolitical situation with the war in Gaza is therefore certainly something that concerns you. As a cybersecurity expert, what opportunities and risks do you see in the field of defense using autonomous systems?
Personally, I am somewhat torn on this issue. On the one hand, digital systems can react much faster and more precisely than humans ever could. On the other hand, we must not forget the vulnerability of these systems. But the "dehumanisation" of war, which is already dehumanised as such, can also have terrible, unforeseeable consequences. We are already seeing this today in Russia's drone war in Ukraine. Even with sophisticated systems, no one can guarantee 100% security. Who will be held responsible if a system responds to an attack that is not actually taking place? In the field of defense in particular, we probably need completely new systems. Israel, for example, is already testing laser defense weapons, guaranteed to be AI-supported.

The same applies when we talk about autonomous systems in the field of cybersecurity. Security systems already exist today that independently monitor network traffic and take action or at least issue warnings when anomalies are detected.

However, since you mention the D-I-W: what I found remarkable during my regular visits to Israel is the technological and organisational status of this country in terms of defense and civil protection. This also applies to the digital space. Israel has developed technologies and concepts that should serve as examples for other countries. 

Defense technologies will also be showcased for the first time at XPONENTIAL Europe in 2026. Uniform platforms and standards are important for both civil and military applications and will be a prominent topic at the trade fair, as they are essential for economically viable production. Can this insight also be applied to the topic of cyber security? Do uniform platforms and standards also mean greater security?
There is no simple yes or no answer to this question. From a security perspective, uniform standards and platforms have both advantages and disadvantages.

One major advantage is that uniform systems can be protected more effectively because specialists for these systems can become true security experts who know their platforms inside out. In addition, security updates can be rolled out much faster than is possible for a large number of different systems.

However, if we take the example of Microsoft Windows, we see that widespread use also increases its attractiveness to attacks. If an attack works on one system, it is quite likely to work on millions of systems.

Uniformity CAN work if cybersecurity is made a priority from the outset. Every line of code and every screw must be subject to the principle of "safety first". 

Finally, here's a general question for you that has preoccupied many generations: humans or (autonomously operating) machines? Which has greater potential to open the floodgates to hackers?
Every machine, every digital system and every error in that system was ultimately created by a human being. In other words, humans will continue to defend this title (digitally) with confidence for quite some time to come.
 

Further information at: 
www.xponential-europe.de

www.linkedin.com/showcase/xponential-europe/