01.12.2017 – 30.11.2020
Arne Dreißigacker (project manager)
Bennet von Skarczinski
The initiative “IT security in the economy” of the Federal Ministry for Economic Affairs and Energy wants to support small and medium-sized enterprises with the safe employment of ICT systems. Together with IT security experts from science, industry and administration, a basis is to be created for strengthening awareness in the digital economy in the area of IT security in the SME sector. Companies should be empowered to improve their IT security through concrete support measures. Further information about the initiative and its offers can be found at www.it-sicherheit-in-der-wirtschaft.de.
While falling numbers of cases have been recorded in many crime areas in Germany in recent years, cybercrime offenses are becoming a growing phenomenon. In particular, companies are the focus of cybercriminals. Affected companies often experience enormous financial or competitive disadvantages as a result. On the one hand, unlike large companies, small and medium-sized businesses often lack awareness of the potential dangers of cyberattacks and, on the other hand, ways of effectively implementing IT security in the enterprise.
On the basis of an interdisciplinary team of scientists from the fields of computer science, criminology, sociology and economics, the project of the Criminological Research Institute of Lower Saxony (KFN) and the research center L3S of the Leibniz University Hanover aims to assess the situation of IT security relating to cyberattacks in Germany and develop recommendations for action by companies and state authorities. Within the framework of the project, a representative survey of 5,000 companies in Germany will be conducted. This study focuses on how well companies protect themselves against cyberattacks and how effective these efforts are. It also examines how companies respond to attacks and what role government agencies like the police and the constitutional protection department play in this. In addition, field studies will be used to analyze how well existing recommendations for action can be implemented by the respective IT officers in companies and how they deal with incidents in order to correctly recognize attacks and react accordingly.
The findings from the individual investigations will be used in a second phase of the project in order to prepare recommendations for action and to make them accessible to small and medium-sized enterprises in a variety of ways. Among other things, an online platform will be developed that will enable companies to make an initial assessment of their own cyber-threat exposure and get further help.