This year's TakeAware security awareness conference, held on 21–22 May 2025 in Wuppertal, Germany, was themed “The Awareness BOOMerang – Finally, something's coming back!” and offered plenty of inspiration on all aspects of security awareness with exciting presentations, practical workshops and intensive discussions. The focus was particularly on awareness campaigns for aspects of information security like social engineering and business continuity management. When security awareness is not just seen as a normative requirement, it not only creates a better understanding of the importance of cybersecurity but also provides impetus for development.
The Awareness BOOMerang describes the following effect: measures and investments in awareness pay off in the long term – security cultures emerge or can grow, ensuring that an organisation and all its employees remain vigilant and capable of acting.
Finding the balance between technological possibilities and human awareness is an important challenge to master. E-learning campaigns or other approaches, some of which are AI-supported, are only part of how information security awareness teams can achieve their goal of making colleagues aware that information security is not just a technical matter. Whether at work or at home, we are all potential targets for cybercriminals.
A crucial approach to all the best practices shared at the conference continues to be that people play a central role in information security. Ultimately, one-hour workshops can playfully achieve greater understanding and impart knowledge about how to deal with digital threats than a purely technical four-day workshop. In this way, human-centred security is being further developed within the community to remain at the cutting edge of methodology and technological development.
DENIC was also present again this year. Dorit Richter was delighted with the valuable exchange, especially with colleagues from the neighbouring registry Switch. In addition to registry operations, Switch also has a large cybersecurity awareness division, and the games developed there have been enjoyed by all DENIC employees and provided them with valuable insights.
‘These security awareness measures in the style of “serious games” are not designed to “trick” the players, but to promote active learning, and we at DENIC are eagerly awaiting a new game from Switch ;-)’, concluded Dorit Richter.
