On 13 November 2025, the German Bundestag passed the final ‘NIS 2 Implementation and Cybersecurity Strengthening Act’ (NIS2UmsuCG). This ends the uncertainty: the EU’s NIS 2 Directive is now binding German law.

The 3 most important game changers in today’s decision:

1. Expanded scope of applicability:

The focus is no longer solely on the traditional 2,000 or so ‘KRITIS’ operators. The categories ‘important’ (e.g. mechanical engineering, food production, chemicals) and ‘particularly important’ (e.g. energy, banking, health) facilities mean that the probability of your company (as one of a total of around 40,000) now being affected has increased massively.

2. Personal liability of management:

The management boards (managing directors, board members) are now personally responsible for the implementation (and non-compliance!) of cybersecurity measures. They must accept the measures and monitor their implementation. Violations are subject to heavy fines that can no longer simply be passed on to the company.

3. Stricter requirements & deadlines:

It is no longer just a matter of having a firewall. NIS2 requires comprehensive risk management that covers the entire supply chain. In addition, the reporting requirements for security incidents are drastically reduced (often to 24 hours for an initial report).

What you should do now:

Those who have only been analysing the situation so far must now take action. NIS2 is not purely an IT issue; it is a strategic management issue that determines the resilience and future viability of companies.

Clarify whether you are affected: Does your company fall under the new regulations? If so, you will also have to meet the requirements of your customers/supply chains.

Perform a gap analysis: Where do you stand? Which of the required measures are missing?

Involve management: Top management must understand the new personal liability risks and release the necessary resources.

Create a roadmap: Develop a clear, prioritised plan to close security gaps and implement management processes.

Still not quite sure what exactly to do? Then we recommend our NIS2 Readiness Check:

Monheim, 2. September 2025 – Das IT Kombinat blickt auf ein außergewöhnlich erfolgreiches Geschäftsjahr 2024 zurück. Mit einem Umsatz von €5.666.337 konnte das Unternehmen sein Ergebnis im Vergleich zum Vorjahr (€3.906.063) deutlich steigern. Der Bilanzgewinn von €861.920 unterstreicht wirtschaftliche Stärke sowie eine überdurchschnittliche Liquidität und Innovationskraft des Unternehmens.

Ein besonderes Highlight des Jahres war die Gründung der KI Kombinat GmbH, einer neuen Tochtergesellschaft, die sich auf die Entwicklung und Implementierung von Lösungen im Bereich Künstliche Intelligenz spezialisiert. Damit setzt das IT Kombinat ein klares Zeichen für die Zukunft und baut seine Position als Innovationsführer in der IT-Branche weiter aus.

„2024 war für uns ein Jahr des Wachstums und der weiteren strategischen Ausrichtung“, sagt Manfred Götz, Geschäftsführer des IT Kombinats. „Mit der KI Kombinat GmbH schaffen wir ein neues Zentrum für intelligente, KI-gestützte Technologien und Lösungen, dass unsere Kunden gezielt bei der digitalen Transformation unterstützt.“

Auch die Indiginox GmbH, eine weitere Tochtergesellschaft der IT Kombinat Gruppe, hat 2024 ein starkes Jahr absolviert. Als wirtschaftlich eigenständiges Unternehmen ist sie nicht im Jahresabschluss 2024 der IT Kombinat GmbH konsolidiert.

Für das Jahr 2025 sind die Weichen bereits gestellt: Das IT Kombinat setzt weiteres Wachstum sowie den gezielten Ausbau seiner Teams und Kompetenzen – insbesondere in den Bereichen IT/OT-Security, Softwareentwicklung und Künstliche Intelligenz bereits erfolgreich um.

Über IT Kombinat
IT Kombinat ist ein innovatives IT-Beratungsunternehmen mit Schwerpunkten in Program- und Projektmanagement, Softwareentwicklung, IT-Infrastruktur, IT/OT-Security sowie strategischem Management.

Das Unternehmen gehört vollständig seinen operativ tätigen Partnern – nicht Investoren. Diese Struktur ermöglicht eine langfristige Ausrichtung mit Fokus auf Kundenzufriedenheit, Fairness und Nachhaltigkeit. IT Kombinat, mit Sitz in Monheim, arbeitet überwiegend dezentral – in Deutschland und weltweit – und setzt auf flexible Arbeitsmodelle.

Als Mitglied im Bundesverband mittelständische Wirtschaft (BVMW) und ausgezeichnet als KUNUNU Top Company 2025 steht IT Kombinat für eine moderne Unternehmenskultur, die Innovation, Weiterbildung und persönliche Entwicklung fördert.

Weitere Informationen finden Sie unter www.itkombinat.com oder auf der Unternehmensseite auf LinkedIn unter https://de.linkedin.com/company/it-kombinat-gmbh .

Pressekontakt:
Thomas Benz
Partner/Prokurist
Telefonnummer: +49 (0)1515 9058793
E-Mail-Adresse: Thomas.Benz@itkombinat.com

What is the GBI?

The Global Biking Initiative (GBI) is an international cycling charity event that was founded by Vodafone employees in 2008 and since then has organized an annual European Tour with the support of sponsors. Up to 400 international cyclists collect donations for aid organizations. The event still has a strong Vodafone connection and is primarily aimed at employees from the ITC sector.  In addition to the sporting and charitable challenge, it is always a good opportunity for networking.

This time, the GBI Europe 2024 Tour brings a reunion with the Swiss mountains. From Bologna in the heart of Emilia-Romagna, we will travel along the northern Italian lakes, crossing the St. Gotthard Pass and through beautiful Switzerland to our tour destination in Zurich.

Date: June 9 – 15, 2024 (Regular registration possible until the end of March 2024)

In addition, we will of course support all our employees who are interested in taking part and offer all participating employees two additional days of vacation. We will also support fundraising with a contribution of EUR 100 per employee.

More about this:

https://www.gbi-event.org/de/events/gbi-europe-2024.html
https://www.gbi-event.org/de/generalfaq_de.html

The first shareholders’ meeting of IT Kombinat took place on Friday, March 01, 2024, Managing Director Manfred Götz presented the financial figures for 2023, which were then formally adopted by the shareholders in the annual financial statements.

IT Kombinat had an incredibly positive founding year in 2023, generating sales totalling EUR 3.9 million with 10 different customers in the company’s first 10 months. After deducting accruals, provisions, depreciation, amortisation and taxes, the company generated a net profit of EUR 178 thousand.  By the end of the year, the company had grown to 19 internal and over 20 external employees.

The company is starting the new year with a cash balance of EUR 534 thousand. Available external funds therefore did not have to be utilised. The current order backlog already ensures good capacity utilisation throughout 2024.

The shareholders have decided not to distribute the profits generated but to continue investing in the company. The company is therefore planning further moderate organic growth in 2024 and, if applicable,  an inorganic option to increase sales and employees in the medium term.

The management and shareholders see the increasing internationalisation of their customers’ IT development as the greatest challenge, which the company intends to meet by further expanding its nearshore capacities in countries such as Ukraine, Kosovo, Romania and Poland.

The founders agreed that the current rapid technological leap in the field of artificial intelligence will lead to fundamental changes in IT consulting in the medium term. They would like to focus on this development in the coming years and expand the business model with various in-house developments, possibly also as part of government-funded projects.

Cybersecurity has been compared to an arms race – as monitoring and malware detection evolve, so do the tactics of cyber adversaries. One of the most concerning developments in recent years is the emergence of adversarial machine learning (AML) which accelerates malware development. This phenomenon has profound implications for IT budget holders, as it necessitates a reevaluation of cybersecurity strategies and resource allocation to effectively counter the rise of malicious software development. 

What is Adversarial Machine Learning? 

Adversarial machine learning is the manipulation of machine learning models by adversaries to evade detection or cause misclassification. This is achieved by exploiting vulnerabilities in the underlying algorithms, data, or training processes to generate adversarial examples. Adversarial examples can be used as inputs that are carefully crafted to deceive or subvert a model. 

EXAMPLE:

Adversarial machine learning techniques can be categorized into various methods. These include gradient-based attacks, where adversaries perturb input data to maximize the model’s prediction error, and model inversion attacks, where adversaries attempt to infer sensitive information about the training data. An early, and well-publicized example was the Kyushu University researchers who in 2017 managed to ‘fool’ many image analysis algorithms. Single-pixel changes in images resulted in their misclassification – a turtle was recognized as a rifle and a stealth bomber was identified as a dog.

Adversarial Machine Learning and Malicious Software Development 

The integration of adversarial machine learning techniques into the realm of cybersecurity has empowered cybercriminals to develop more sophisticated and evasive forms of malware. By leveraging adversarial examples, adversaries can evade detection by traditional security measures and exploit vulnerabilities in machine learning-based defenses. 

Additionally, chatbots such as WormGPT, FraudGPT, DarkBert, or DarkBART provide ways to subvert the security measures of public models for a small monthly subscription (between 60€ and 200€ per month).  

EXAMPLE:

Adversarial machine learning has been used to create stealthy malware variants that can bypass antivirus software, intrusion detection systems, and other security controls. They do this by exploiting weaknesses in machine learning models used for threat detection. Deep statistical analysis of malware variants showed early promise as a method of detecting adversarial malware inputs, but this approach is now viewed only as a partial solution.

Implications for IT Budget Holders 

The proliferation of adversarial machine learning poses significant challenges for IT budget holders, as it introduces new complexities and uncertainties into the cybersecurity landscape. Addressing this threat requires strategic investments in advanced security technologies, threat intelligence, and workforce training to enhance detection and response capabilities. 

EXAMPLE:

According to a 2020 survey conducted by Accenture, 83% of cybersecurity professionals believe that adversarial machine learning will have a significant impact on their organization’s cybersecurity strategy in the next five years. More recently, Accenture predicts over 15% increase in application- and data-security spending through 2025. 

Addressing the Challenge 

To effectively mitigate the impact of adversarial machine learning on malicious software development, organizations must adopt a multi-faceted approach to cybersecurity. This includes investing in robust threat detection and response capabilities, leveraging AI-driven security solutions, and prioritizing employee training and awareness programs. 

EXAMPLE:

In 2021 Gartner predicted that by 2025, 30% of organisations will leverage adversarial machine learning techniques to enhance their cybersecurity defences. Furthermore the Gartner Report “Top Trends in Cybersecurity for 2024” predicts that in 2025, 40% of cybersecurity programs will deploy socio-behavioral principles (such as nudge techniques) to influence security culture across the organisation. This constitutes a dramatic rise from less than 5% in 2021. In addition they predict that by 2027, 50% of large enterprise CISOs will have adopted human-centric security design practices. 

Our in-house Cybersecurity expert Bernhard Borsch gives the following advice: 

“Even small and medium sized enterprises can prepare for this and other new cyberthreats. The judicious use of off-the-shelf and existing software solutions, training of in-house IT experts, and introduction of an Information Security Management System (ISMS) can improve their security posture dramatically. An important mind set to adopt is: Protection is necessary, but a prepared recovery ensures survival!”.

Conclusion

The rise of adversarial machine learning represents a significant challenge for organizations, as it empowers cyber adversaries to develop more sophisticated and resilient forms of malicious software. IT budget holders must recognize the urgency of addressing this threat by not only allocating resources strategically and investing in advanced cybersecurity solutions, but also by employing more human-centric approaches to cybersecurity. By increasing awareness, staying vigilant and being prepared to respond to attacks, organizations can strengthen their defenses and mitigate the risks associated with the accelerated evolution of cyber threats enabled by AML. 

The offices of IT Kombinat were the location for an engaging seminar on the topic of the Network & Information Security Directive2 (NIS2) yesterday. Many thanks to Mr Herbert Schulte, Director of the Wirtschaftssenat for organising the event in partnership with IT Kombinat!

Expanding on the scope of NIS1, NIS2 aims to further strengthen critical infrastructure and essential services within the EU. This should be achieved by requiring companies providing these services to implement appropriate security measures and to rapidly reportany incidents to the appropriate authorities (in Germany the BSI).

Bernhard Borsch, our Information Security specialist and co-founder presented a high-level perspective of NIS2, its scope, and enforcement guidelines. He also outlined the benefits of a business-centric approach to information security and the utility of a general Information Security Management System (ISMS) which encompasses many of the NIS2 requirements.

An active and informative Q&A session followed, with the attendees sharing their experiences of navigating security regulations and discussing the difficulties of recruiting and retaining good information security professionals. SMEs rarely have the resources to launch large security initiatives as some larger companies do, and the challenge of monitoring systems, diagnosing issues, analysing logs, fixing issues and informing authorities can seem daunting. Through his years of IT and OT security experience, Bernhard Borsch was able to provide pragmatic and right-sized guidance

One significant area of discussion was Operation Technology security (OT security), which is a focus of NIS2. OT has traditionally not been within the remit of Information Security teams as these systems (e.g. production lines) operated only within their own networks. With the growth of Industry4.0 and other applications for operative system data, OT systems are increasingly connected to other networks and are thus vulnerable to attack.

We hope all attendees left the event well refreshed and well informed. We look forward to the next even with our Partner BVMW and thank all involved for their time and attention.


Check the teaser slide set below or contact us for additional information!

5. Aligning IT with Business Goals

Ultimately, the success of an IT department is measured by its contribution to the overall success of the business. IT leaders play a crucial role in aligning IT initiatives with the broader goals of the organisation. They must bridge the gap between technical complexities and business objectives, ensuring that IT strategies directly contribute to improved efficiency, cost savings, and enhanced customer experiences. 

Although it sometimes feel like it, IT is not an island – we are the people enabling large parts of our business, whether they are customer-facing solutions or ‘under the hood’ business processes. Understanding, testing, deploying and managing technology is our specialty and it is often easy to misplace the importance of the aligning with the business needs and goals, especially when they are not well communicated to us.

Nevertheless, as IT leaders it is our responsibility to understand the business goals, avoid “Shiny Object Syndrome” and align technology stacks to them. This can be a battle, especially when corporate leadership changes make business goals obscure or when stakeholders resist changing away from a trusted technology – don’t touch a running system, right..!? 

However, if you have the support of a capable and cohesive team, who are accustomed to change, ready to innovate, and aligned with your vision and goals it should not be a big problem to focus them on clearly communicated business goals. In fact, it should help focus their innovation efforts and guide their response to change. 

In conclusion, the importance of leadership in IT cannot be overstated. As organisations increasingly rely on technology to drive their success, effective IT leadership becomes the linchpin that holds everything together. A visionary and adaptive IT leader not only ensures the smooth functioning of IT operations but also propels the organisation forward in the ever-evolving digital landscape. 

“Information technology and business are becoming inextricably interwoven. I don’t think anybody can talk meaningfully about one without the talking about the other.”

Bill Gates

Understanding SAFe’s Adaptability 

SAFe’s core principles revolve around customer-centricity, iterative development, collaboration, and adaptability—traits that are relevant irrespective of company size. These principles, when applied thoughtfully, can benefit smaller companies aiming for structured growth and streamlined processes. 

Flexibility in Implementation 

While SAFe offers a comprehensive framework designed for enterprise-level agility, its flexibility allows adaptation to smaller settings. The modular nature of SAFe allows companies to cherry-pick elements that align with their size, needs, and growth goals. Tailoring SAFe to suit smaller teams or projects can provide a structured approach without overwhelming the organization with unnecessary complexities. 

So, what are the benefits for Smaller Companies? 

Streamlined Communication and Alignment 

Even in smaller companies, communication gaps can hinder progress. SAFe promotes clear communication channels, aligning teams and stakeholders toward shared goals. Implementing SAFe’s communication frameworks can enhance clarity and reduce misunderstandings, facilitating smoother workflows. 

Improved Collaboration 

Smaller teams can still benefit from SAFe’s emphasis on cross-functional collaboration. By implementing SAFe’s collaborative practices, such as Program Increment (PI) Planning, small companies can align efforts, synchronize schedules, and identify dependencies, fostering a more cohesive work environment. 

Scalability Preparation 

As small companies grow, they often face scalability challenges. Implementing SAFe at an early stage can lay the groundwork for scaling Agile practices seamlessly as the company expands. It establishes a mindset and foundational practices that can easily adapt to larger teams and more complex projects in the future. 

Enhanced Visibility and Adaptability 

SAFe’s emphasis on metrics and continuous improvement is invaluable for smaller companies seeking to enhance visibility into their processes and adapt swiftly to market changes. By leveraging SAFe’s metrics and feedback mechanisms, these companies can make data-driven decisions, fostering adaptability and resilience. 

Challenges and Considerations 

Over-Engineering and Complexity 

Implementing SAFe in smaller companies requires caution to avoid over-engineering or introducing unnecessary complexity. Tailoring SAFe to suit the organization’s size and needs is crucial to prevent overwhelming teams with processes designed for larger enterprises. 

Cultural Shift and Adaptation 

Introducing SAFe might require a cultural shift within smaller teams accustomed to more informal Agile practices. Adequate training, communication, and gradual implementation can ease this transition and ensure acceptance and adoption across the organization. 

Conclusion

While SAFe was initially crafted for larger enterprises, its principles and adaptability make it a potentially valuable framework for smaller companies. By selectively adopting and tailoring SAFe’s components, small organizations can harness its benefits—streamlined communication, improved collaboration, scalability preparation, and enhanced adaptability—while mitigating potential challenges. 

Ultimately, the decision to implement SAFe in a smaller company hinges on thoughtful consideration of the organization’s size, goals, and existing Agile maturity. When applied intelligently, SAFe can serve as a guiding framework propelling smaller companies toward structured growth, efficient operations, and sustained agility in an ever-evolving business landscape. 

4. Building Strong Teams

Behind every successful IT initiative is a team of skilled and motivated professionals. Leadership in IT involves more than just technical expertise; it requires the ability to build and lead high-performing teams. This includes cultivating a positive work culture, providing professional development opportunities, and fostering effective communication. A cohesive and well-functioning team is not only more productive but also better equipped to handle the complexities of IT projects. 

Many of us know leaders who seem to effortlessly inspire their teams and I am sure some rare individuals build great teams intuitively but for the most part, it only appears effortless. The vast literature around team building isolates a few (5 -8) key principles implemented by leaders of successful teams. A key point to acknowledge here is that the focus switches to how the team members interact with each other, rather than with their leader(s). This can be difficult for some leaders to grasp and act on, especially if leaders do not also actively participate as ‘hands-on” team members.   

Over half of all tasks within companies are implemented by teams rather than individuals, so the importance of building cohesive and empowered teams cannot be ignored. The complexity of the task is however high and I found Salas & Tannenbaum (2020) most helpful regarding practical tips and also contextual guidance. More conceptual and thought-provoking guidance can be had from Harrington & Mackin (2013). 

Teams are complex and require care and support from their leaders, but the rewards of maintaining a strong team can be a real force multiplier for any IT organization, or as Michael Jordan put it:

“Talent wins games, but teamwork and intelligence win championships”. 

Michael Jordan

Check out previous blogs in this series:

Part 1 – Visionary Guidance

Part 2 – Driving Innovation

Part 3 – Managing Change

3. Managing Change

The IT landscape is dynamic, with constant changes in technology, regulations, and business needs. Leadership in IT involves not only anticipating these changes but also effectively managing them. Leaders must be agile, adaptable, and capable of steering their teams through transitions, whether it’s implementing new software, adopting agile methodologies, or adapting to the latest cybersecurity threats. A skilled IT leader can turn challenges into opportunities for growth. 

Change management can seem to contradict some aspects of being a good leader. Humans often resist change and prefer fixed goals, strategies, and processes, so developing your team to be open for change can be a challenge. There are many books written on change management within organisations and many principles can be applied to smaller teams, such as clearly communicating the context surrounding the change, the impact and urgency of the change. If all you have for your team is “Management has instructed us to do this” then don’t expect a fully-motivated approach to implementation or adoption. 

When implemented correctly, change management can actually strengthen your position as a leader and reinforce trust in you. So, ensure you have the full picture before communicating changes and also display your own readiness to embrace change – only then will you be able to motivate your team and have their full support during implementation. 

“Leadership is an achievement of trust”

Peter Drucker

Check out previous parts of this blog series:

Part 1 – Visionary Guidance

Part 2 – Driving Innovation