Esche Schümann Commichau

Cyber crime

1. Why is this a threat to every company?

  • Means of attack are always available due to the existing Internet connection
  • Targets of attack are omnipresent, e.g. through apps on smartphones and tablets
  • Multiple targets can be attacked simultaneously
  • Attackers have a potential for high profits with a low risk of detection
  • A lack of awareness of the threat leads to insufficient technical and organizational protection measures
  • Weaknesses in the software


2. Who are the attackers?

  • Hackers
  • Internet activists 
  • Competitors 
  • Government intelligence agencies


3. What is the potential for damage?

  • Financial losses
  • Loss of trade and company secrets to the competition
  • Loss of, or negative impact on, IT infrastructures
  • Blackmail with the threat of publishing the data
  • Identity theft 
  • Loss of reputation


4. Who is responsible for securing the IT systems?

  • Every company as well as any other responsible public or non-public body (Section 9 of the Federal Data Protection Act)
  • The management board of a German "Aktiengesellschaft" stock corporation (Section 91(2) of the Stock Corporation Act) 
  • The managing director of a German "GmbH" limited liability company (analogous to Section 91(1) of the Stock Corporation Act)
  • Credit and financial services institutions (Section 25a of the Banking Act) 
  • Telecommunications service providers (Section 109(1) of the Telecommunications Act) 
  • Parties to a contract subject to major or supplementary obligations


5. What information obligations normally apply following a cyber attack?

  • Those affected must be immediately informed
  • The supervisory authority must be immediately informed


6. What risks are posed by noncompliance with statutory and contractual obligations?

  • Fines of up to €300,000 against companies and responsible individuals
  • Contractual and tort damage compensation claims of unlimited amount from those affected


7. Our services

We advise you on all legal issues relating to cyber crime – before and after a cyber attack:

Before a cyber attack

  • Individual risk analysis
  • Preventative measures
  • Implementation of the statutory and contractual obligations through tailored solutions

After a cyber attack

  • Analysis of the data loss
  • Review of information obligations
  • Setup of a crisis management system with the involvement of IT experts 
  • Possible involvement of law enforcement agencies / possible filing of criminal charges 
  • Fulfillment of information obligations to those affected and supervisory authorities 
  • Support of the company during audits by the supervisory authority 
  • Public relations work 
  • Review and enforcement of damage compensation claims against third parties 
  • Review and defense against damage compensation claims by third parties