This chapter traces the evolution of German cybersecurity strategy throughout the past two and a half decades. During this period, the German approach to cybersecurity strategy has developed from a civilian preventive one to a more comprehensive one, which today includes strategic military aspects. In following, this chapter illustrates the development of cybersecurity strategy in three phases. The first phase (1991 to 2011) marks the emergence of cybersecurity as a strategic issue in the context of critical information infrastructure protection. In the second phase (2011 to 2016), the government consolidated existing policies after adopting its first national cybersecurity strategy in 2011. The Snowden revelations in 2013 lifted cybersecurity sharply up the political agenda. In the third phase, from 2016 to early 2018, Germany adopted its second national cybersecurity strategy that outlines a comprehensive approach to cybersecurity, as well as a national defence strategy, which for the first time emphasised the strategic military dimension of cybersecurity within a hybrid warfare context.