Cyberattacks against companies

Project period

01.12.2017 – 30.11.2020
(extended until 31.03.2021)

Project staff

Arne Dreißigacker (project manager)

Bennet von Skarczinski

Nicolas Huaman

Dr. Anja Stiller



The initiative “IT security in the economy” of the Federal Ministry for Economic Affairs and Energy wants to support small and medium-sized enterprises with the safe employment of ICT systems. Together with IT security experts from science, industry and administration, a basis is to be created for strengthening awareness in the digital economy in the area of ​​IT security in the SME sector. Companies should be empowered to improve their IT security through concrete support measures. Further information about the initiative and its offers can be found at

Additional funding

Project description

While falling numbers of cases have been recorded in many crime areas in Germany in recent years, cybercrime offenses are becoming a growing phenomenon. In particular, companies are the focus of cybercriminals. Affected companies often experience enormous financial or competitive disadvantages as a result. On the one hand, unlike large companies, small and medium-sized businesses often lack awareness of the potential dangers of cyberattacks and, on the other hand, ways of effectively implementing IT security in the enterprise.

On the basis of an interdisciplinary team of scientists from the fields of computer science, criminology, sociology and economics, the project of the Criminological Research Institute of Lower Saxony (KFN) and the research center L3S of the Leibniz University Hanover aims to assess the situation of IT security relating to cyberattacks in Germany and develop recommendations for action by companies and state authorities. Within the framework of the project, a representative survey of 5,000 companies in Germany will be conducted. This study focuses on how well companies protect themselves against cyberattacks and how effective these efforts are. It also examines how companies respond to attacks and what role government agencies like the police and the constitutional protection department play in this. In addition, field studies will be used to analyze how well existing recommendations for action can be implemented by the respective IT officers in companies and how they deal with incidents in order to correctly recognize attacks and react accordingly.

The findings from the individual investigations will be used in a second phase of the project in order to prepare recommendations for action and to make them accessible to small and medium-sized enterprises in a variety of ways. Among other things, an online platform will be developed that will enable companies to make an initial assessment of their own cyber-threat exposure and get further help.

For more information and news, visit the project website –

Project related publications

Skarczinski, B. v., Dreißigacker, A. & Teuteberg, F. (2022). More Security, less Harm? Exploring the Link between Security Measures and Direct Costs of Cyber Incidents within Firms using PLS-PM. Wirtschaftsinformatik 2022 Proceedings. 2.

Skarczinski, B.v., Dreißigacker, A. & Teuteberg, F. (2022). Towards enhancing the information base on direct costs of cyber-attacks on organizations: Implications from literature and a large-scale survey. Organizational Cybersecurity Journal: Practice, Process and People (OCJ).
doi: 10.1108/OCJ-08-2021-0020.

Dreißigacker, A., Skarczinski, B. v. & Wollinger, G. R. (2022). Unternehmen als Opfer von Cyberkriminalität. In: T. G. Rüdiger & P. S. Bayerl (Hrsg.): Handbuch Cyberkriminologie. Wiesbaden: Springer VS.
doi: 10.1007/978-3-658-35450-3_43-1.

Dreißigacker, A., Fahl, S., Huaman, N., Skarczinski, B. v., Stransky, C., Wollinger, G. R. (2021). Cyberangriffe gegen Unternehmen. Projektabschlussbericht. Hannover: KFN.

Huaman, N., Krause, A. Skarczinski, B. v., Wermke, D., Stransky, C., Acar, Y., Dreißigacker, A. & Fahl, S. (2021). Cybercrime in Small and Medium-sized Enterprises. SOUPS 2021 Posters.
Verfügbar unter: (zuletzt geprüft am 17.12.2021)

Wollinger, G. R. & Dreißigacker, A. (2021). Unternehmen müssen wissen, welche Vorteile eine Anzeigeerstattung im Bereich Cybercrime hat. Zentrale Ergebnisse einer deutschlandweiten repräsentativen Unternehmensbefragung. Newsletter für Führungskräfte der Polizei NRW.

Wollinger, G. R. & Dreißigacker, A. (2021). Cyberangriffe gegen Unternehmen in Deutschland. Ausmaß und Entwicklung. Justiz Newsletter der Führungsakademie im Bildungsinstitut des niedersächsischen Justizvollzuges, 18 (34), S. 7-11.

Dreißigacker, A.; von Skarczinski, B. & Wollinger, G. R. (2021): Cyberangriffe gegen Unternehmen in Deutschland. Ergebnisse einer Folgebefragung 2020. (KFN-Forschungsberichte No. 162). Hannover: KFN.

Skarczinski, B. v.; Boll, L. & Teuteberg, F. (2021): Understanding the adoption of cyber insurance for residual risks – An empirical large-scale survey on organizational factors of the demand side. In: European Conference on Information Systems (ECIS 2021), Research Papers, 72.
Verfügbar unter:

Huaman, N.; Skarczinski, B. v.; Wermke, D.; Stransky, C.; Acar, Y. Dreißigacker, A.; Fahl, S. (2021): A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises. In: Proceedings of the 30th USENIX Security Symposium, USENIX Security ’21.

Dreißigacker, A.; von Skarczinski, B.; Wollinger, G. R. (2020): Cyber-attacks against companies in Germany. Results of a representative company survey 2018/2019. (KFN-Forschungsberichte No. 158). Hannover: KFN.

Stiller, A.; Boll, L.; Kretschmer, S.; Wollinger, G. R. & Dreißigacker, A. (2020). Cyberangriffe gegen Unternehmen in Deutschland. Ergebnisse einer qualitativen Interviewstudie mit Experten.
(KFN-Forschungsberichte No. 155). Hannover: KFN.

Dreißigacker, A.; von Skarczinski, B.; Wollinger, G. R. (2020): Cyberangriffe gegen Unternehmen in Deutschland. Ergebnisse einer repräsentativen Unternehmensbefragung 2018/2019. (KFN-Forschungsberichte No. 152). Hannover: KFN.

Kriminologisches Forschungsinstitut Niedersachsen e.V.  (2020):  Cyberangriffe  gegen  Unternehmen.  Ergebnisse  einer  repräsentativen  Unternehmensbefragung  in Deutschland 2018/2019. Kurzbericht. Hannover: KFN.

Dreißigacker, A.; von Skarczinski, B.; Wollinger, G. R. (2020): Im Visier: Repräsentative Studie zur Cyberkriminalität in deutschen Unternehmen. iX – Magazin für professionelle Informationstechnik (6/2020), S. 78-81. Verfügbar unter: (zuletzt geprüft am 11.06.2020).