The Human Weakness: How 30,000 German Companies Must Reshape Onboarding Under NIS-2

15.06.2026 - 15:25:45 | boerse-global.de

Phishing threat EvilTokens and EU's NIS-2 directive force German firms to embed cybersecurity and AI compliance into employee onboarding, says Signal Security Summit.

A phishing technique called “EvilTokens” bypasses two-factor authentication by piggybacking on genuine Microsoft sign-ins. Cybersecurity firm ESET recently flagged the campaign, warning that attackers can then roam corporate networks unchecked. That threat – combined with a looming EU directive that took effect in December 2025 and now applies to roughly 30,000 German businesses – is forcing employers to rethink how they train new hires.

The Signal Security Summit, held in Cologne this November, will zero in on the psychological side of cyber resilience. Organisers say human behaviour and cognitive biases are the front line against AI-powered attacks. The event’s focus underscores a broader shift: companies can no longer treat IT security as a purely technical add-on to employee onboarding.

Regulatory Pressure Mounts

The NIS-2 directive (the EU’s updated Network and Information Security regulation) requires affected organisations to implement IT baseline protection, establish risk-management processes, and comply with mandatory reporting obligations. Germany’s Energy Agency (dena) has stressed the urgency. Alongside NIS-2, the EU’s Artificial Intelligence Act adds another layer of compliance tasks.

Training providers are responding. GFU Cyrus AG now offers certificate courses in machine learning and prompt engineering. Information sessions, such as one held in Gütersloh, coach small and medium-sized enterprises on the security risks of tools like ChatGPT and Microsoft Copilot. Data protection under the GDPR and closing security gaps are central themes.

Patch Tuesday in June 2026 illustrated the scale of the technical challenge. Microsoft closed 206 vulnerabilities, 39 of them rated critical. Two areas drew special attention: flaws in BitLocker and expiring Secure Boot certificates. Regular system maintenance remains a permanent task.

Specialised Sectors, Specialised Needs

Recruiting for niche roles complicates the equation. Octapharma Biopharmaceuticals GmbH, based in Heidelberg, is seeking scientific leadership for research and development – project managers with a master’s degree or PhD in natural sciences and years of pharma project-management experience.

Luxury retail also faces a hiring squeeze. In Metzingen, dozens of positions for brands such as Prada, Versace and Maison Margiela are open. Duties span warehouse management, quality control, customer consultation and CRM. Technical expertise alone no longer suffices; process-oriented skills are increasingly demanded.

Digital Transformation in the Back Office

Germany’s e-invoicing mandate is reshaping how administrative staff are onboarded. Webinars on SAP business networks accompany the roll-out. In finance departments, AI-driven solutions for SAP procure-to-pay (P2P) processes automate invoice coding. Providers like Seeburger and TCG Process promise significantly shorter processing times.

For employers, the takeaway is clear: onboarding must now juggle highly specialised technical requirements with thorough awareness of IT security and a fast-changing regulatory landscape. The weakest link, experts increasingly argue, is not the code – it is the person at the keyboard.
