Cyberattacks against companies

Project period

01.12.2017 – 30.11.2020

Project staff

Arne Dreißigacker

Nicolas Huaman

Bennet von Skarczinski

Gina Rosa Wollinger (project manager)









Forschungszentrum L3S der Leibniz Universität Hannover

Project description

While falling numbers of cases have been recorded in many crime areas in Germany in recent years, cybercrime offenses are becoming a growing phenomenon. In particular, companies are the focus of cybercriminals. Affected companies often experience enormous financial or competitive disadvantages as a result. On the one hand, unlike large companies, small and medium-sized businesses often lack awareness of the potential dangers of cyberattacks and, on the other hand, ways of effectively implementing IT security in the enterprise.

On the basis of an interdisciplinary team of scientists from the fields of computer science, criminology, sociology and economics, the project of the Criminological Research Institute of Lower Saxony (KFN) and the research center L3S of the Leibniz University Hanover aims to assess the situation of IT security relating to cyberattacks in Germany and develop recommendations for action by companies and state authorities. Within the framework of the project, a representative survey of 5,000 companies in Germany will be conducted. This study focuses on how well companies protect themselves against cyberattacks and how effective these efforts are. It also examines how companies respond to attacks and what role government agencies like the police and the constitutional protection department play in this. In addition, field studies will be used to analyze how well existing recommendations for action can be implemented by the respective IT officers in companies and how they deal with incidents in order to correctly recognize attacks and react accordingly.

The findings from the individual investigations will be used in a second phase of the project in order to prepare recommendations for action and to make them accessible to small and medium-sized enterprises in a variety of ways. Among other things, an online platform will be developed that will enable companies to make an initial assessment of their own cyber-threat exposure and get further help.