Bundesbank Reported 5,000 Cyberattacks per Minute Against Its IT Systems

What happened

The Bundesbank cyberattack volume disclosure stated that Germany’s central bank is receiving an intense flow of attacks against its IT systems, described publicly by Joachim Nagel, President of the Bundesbank, on January 26, 2026. Nagel said the institution sees 5,000 attacks per minute on its IT systems alone and that total annual attacks exceed 2.5 billion. The statement characterized the situation as a “never-ending race” and referenced defensive steps taken by the bank, including stricter employee background checks, enhanced IT security measures, and improvements to business continuity management plans. The report also noted the timing aligned with comments from Alexander Dobrindt, Germany’s Federal Interior Minister, who discussed escalating efforts against cybercrime.

Who is affected

Bundesbank operations and systems are directly affected by the sustained attack volume, with potential indirect implications for connected financial-sector infrastructure and service continuity. Exposure is primarily operational, reflecting persistent hostile probing rather than a confirmed breach in the disclosed details.

Why CISOs should care

High-frequency attack volumes against critical financial institutions demonstrate the baseline “always-on” threat environment and the operational burden of continuous probing. Persistent pressure increases risk of control fatigue, misconfiguration drift, and resource diversion from strategic initiatives, especially in regulated environments.

3 practical actions

• Stress-test operational resilience: Validate that DDoS protections, SOC processes, and business continuity plans handle sustained high-volume intrusion attempts without degrading response quality.

• Prioritize identity and insider safeguards: Review screening, privileged access controls, and monitoring practices aligned with the heightened pressure described by Bundesbank leadership.

• Measure control effectiveness under load: Regularly test detection and response SLAs during simulated attack spikes to ensure tooling and workflows perform reliably at scale.