1. Why is this a threat to every company?
- Means of attack are always available due to the existing Internet connection
- Targets of attack are omnipresent, e.g. through apps on smartphones and tablets
- Multiple targets can be attacked simultaneously
- Attackers have a potential for high profits with a low risk of detection
- A lack of awareness of the threat leads to insufficient technical and organizational protection measures
- Weaknesses in the software
2. Who are the attackers?
- Internet activists
- Government intelligence agencies
3. What is the potential for damage?
- Financial losses
- Loss of trade and company secrets to the competition
- Loss of or negative impact on IT infrastructures
- Blackmail with the threat of publishing the data
- Identity theft
- Loss of reputation
4. Who is responsible for securing the IT systems?
- Every company as well as any other responsible public or non-public body (Section 9 of the Federal Data Protection Act)
- The management board of a German "Aktiengesellschaft" stock corporation (Section 91(2) of the Stock Corporation Act)
- The managing director of a German "GmbH" limited liability company (analogous to Section 91(1) of the Stock Corporation Act)
- Credit and financial services institutions (Section 25a of the Banking Act)
- Telecommunications service providers (Section 109(1) of the Telecommunications Act)
- Parties to a contract subject to major or supplementary obligations
5. What information obligations normally apply following a cyber attack?
- Those affected must be immediately informed
- The supervisory authority must be immediately informed
6. What risks are posed by noncompliance with statutory and contractual obligations?
- Fines of up to €300,000 against companies and responsible individuals
- Contractual and tort damage compensation claims of unlimited amount from those affected
7. Our services
We advise you on all legal issues relating to cyber crime – before and after a cyber attack:
Before a cyber attack
- Individual risk analysis
- Preventative measures
- Implementation of the statutory and contractual obligations through tailored solutions
After a cyber attack
- Analysis of the data loss
- Review of information obligations
- Setup of a crisis management system with the involvement of IT experts
- Possible involvement of law enforcement agencies / possible filing of criminal charges
- Fulfillment of information obligations to those affected and supervisory authorities
- Support of the company during audits by the supervisory authority
- Public relations work
- Review and enforcement of damage compensation claims against third parties
- Review and defense against damage compensation claims by third parties