The escalating threat landscape in cyberspace is forcing companies and public institutions to fundamentally rethink how they protect critical infrastructure. Dr. Ferri Abolhassan, CEO of T-Systems and member of the Deutsche Telekom Board of Management, is driving the development of sovereign digital infrastructures and sees security as a key growth engine for both SMEs and large enterprises across Germany. In this interview, he discusses digital resilience and explains how Europe can establish its own technological standards.
Dr. Abolhassan, how has your role evolved from being a “security driver” at Telekom to shaping digital sovereignty and resilience for business and government?
Both topics have been part of my entire career. Ten years ago, when I led the IT division of T-Systems, I helped build what is now “T-Sec.” Today, as CEO of T-Systems and a member of the Telekom Board, I see myself more as an architect of sovereign digital infrastructures. As the Magenta team, our mission is to provide a digital basic service—comparable to electricity or water—but for data, AI, and cloud solutions. In doing so, we strengthen the resilience and competitiveness of companies, public institutions, and ultimately the country.
Why is digital resilience now just as critical as traditional physical security?
Digital resilience means designing systems that can withstand cyberattacks, sabotage, and outages. Just like in physical security, the goal is to remain operational even under attack. When critical disruptions occur in factories, hospitals, or energy providers’ operations—such as a power outage caused by an arson attack—they can cost millions, erode trust, and in the worst case, endanger lives. We are experiencing a digital turning point where security and availability must be considered alongside functionality and cost from the outset.
You are known as a leader in sales and growth. How do you “sell” cybersecurity—often seen as a cost factor—to executive boards?
Viewing security purely as a cost is a misconception companies can no longer afford. Security is not a cost center—it’s growth insurance. Today, boards are accountable not only for revenue and margins, but also for resilience, continuity of supply, and compliance—toward both customers and regulators. I don’t argue in terms of firewalls; I talk about business risk: Can they keep production running at all times? Can they reliably serve their customers or patients? In my discussions with CEOs and CIOs, I see a growing awareness that the threat landscape is real—and must be taken seriously.
Is absolute security an illusion, meaning we should focus primarily on rapid recovery and resilience?
In the digital world, absolute security is indeed an illusion. Anyone claiming otherwise is overpromising. You can protect yourself as effectively as possible, but never 100 percent secure. The real priority is to detect incidents quickly, contain them, and restore IT systems securely. That requires end-to-end resilience—from architectural design and emergency planning to zero-outage standards.
You introduced “Zero Outage” at T-Systems more than a decade ago. What lessons from that initiative are most relevant today for public authorities, hospitals, energy providers, and other operators of critical infrastructure—especially in light of NIS2?
“Zero Outage” has been part of our DNA for years. Quality and security are not projects—they are a mindset. It has shown that maintaining high standards, robust processes, and continuous training is essential to minimize disruptions and outages. This is not a sprint; it’s a marathon. For energy providers or banks, it means going beyond checklists and thinking end-to-end—from supply chains and operational processes to clearly defined responsibilities in a crisis.
How are the AI Act and NIS2 changing the rules for companies and public institutions—and what must decision-makers do now to become not just compliant, but truly resilient?
Both are often labeled as bureaucratic burdens. I see them differently. They act as a safety belt for digital transformation, forcing us to take risks seriously, clarify responsibilities, and make resilience measurable. Those who use this proactively to build trustworthy digital services gain a real competitive advantage. Our role is to translate these regulations into practical solutions—making them manageable, simple, and tangible for our customers.
With our Industrial AI Cloud, we offer both large enterprises and SMEs a unique opportunity to advance their business intelligently—without relinquishing control over sensitive data
Dr. Ferri Abolhassan, CEO T-Systems and Board Member of Deutsche Telekom
Many talk and discuss about “digital sovereignty.” What truly makes an AI or cloud solution sovereign—from a technical, legal, and political perspective?
There are three dimensions. Data sovereignty means that data is stored in a European data center, encrypted, and fully controlled by the customer. Legal sovereignty ensures that foreign authorities cannot access that data. Technologically, the key questions are: Do we have open standards, interoperability, and the ability to move workloads freely—rather than being locked into proprietary systems? True digital freedom only exists when companies get the sovereign cloud solution that fits their exact needs.
Has Europe lost the race for hardware and platforms, leaving us to defend sovereignty only at the software and security level?
Others may be ahead in the race for hyperscaler platforms and parts of hardware production. But sovereignty does not mean building everything yourself—it means controlling the strategic levers: data, processes, standards, and security. In Munich, for example, we recently launched the world’s first industrial AI cloud together with partners such as NVIDIA, SAP, and Siemens. With our Industrial AI Cloud, we offer both large enterprises and SMEs a unique opportunity to advance their business intelligently—without relinquishing control over sensitive data. This is how we remain competitive: through partnerships and alliances. There is still much to do, and we must also accept a degree of dependency in certain areas.
Deutsche Telekom is increasing its involvement in the defense sector, including a multimillion investment in Quantum Systems, a Munich-based drone startup. What was the rationale, and how does society benefit from this collaboration?
Without security, there is no freedom—this applies in both the digital and physical worlds. Our engagement in the defense sector is a response to growing threats at home and abroad. This extends to defense, counter-espionage, the protection of large-scale events such as European or World Championships, and civil protection more broadly. It is about actively safeguarding our networks, democratic institutions, and ultimately people. We see this as both necessary and responsible.
Public security is about more than technology. What concrete steps must government, business, and academia take now for Europe not only to catch up in AI, cloud, and defense, but to set its own standards?
We must not be naive. Some might say the train has already left the station. I would say: the train has only left if no new one is built. And right now, we are putting a new one on the tracks in Munich. That is our contribution to the “Made for Germany” initiative. We want to lead from the front—making Germany and Europe stronger and more competitive.
You can display all external content on the website at this point.
I agree that personal data may be transmitted to third-party platforms. Read more about this in our privacy policy.
Explore how AI-powered cyber security dramatically accelerates response times and effectively minimizes risk. With real-time threat detection, automated defense mechanisms, and the expertise of a global security team, T-Systems helps companies protect their IT infrastructure more effectively. This enables them not only to react faster to attacks, but also to detect potential threats early and stay one step ahead at all times.
