Esche Schümann Commichau

Cyber crime

I. Why is this a threat to every company?

  • Means of attack are always available due to the existing Internet connection
  • Targets of attack are omnipresent, e.g. through apps on smartphones and tablets
  • Multiple targets can be attacked simultaneously
  • Attackers have a potential for high profits with a low risk of detection
  • A lack of awareness of the threat leads to insufficient technical and organizational protection measures
  • Weaknesses in the software


2. Who are the attackers?

  • Hackers
  • Internet activists 
  • Competitors 
  • Government intelligence agencies


3. What is the potential for damage?

  • Financial losses
  • Loss of trade and company secrets to the competition
  • Loss or negative impact on IT infrastructures
  • Blackmail with the threat of publishing the data
  • Identity theft 
  • Loss of reputation


4. Who is responsible for securing the IT systems?

  • Every company as well as any other responsible public or non-public body (Section 9 of the Federal Data Protection Act)
  • The management board of a German "Aktiengesellschaft" stock corporation (Section 91(2) of the Stock Corporation Act) 
  • The managing director of a German "GmbH" limited liability company (analogous to Section 91(1) of the Stock Corporation Act)
  • Credit and financial services institutions (Section 25a of the Banking Act) 
  • Telecommunications service providers (Section 109(1) of the Telecommunications Act) 
  • Parties to a contract subject to major or supplementary obligations


5. What are normally the information obligations following a cyber attack?

  • Those affected must be immediately informed
  • The supervisory authority must be immediately informed


6. What risks are posed by noncompliance with statutory and contractual obligations?

  • Fines of up to €300,000 against companies and responsible individuals
  • Contractual and tort damage compensation claims of unlimited amount from those affected


7. Our services

We advise you on all legal issues relating to cyber crime – before and after a cyber attack:

Before a cyber attack

  • Individual risk analysis
  • Preventative measures
  • Implementation of the statutory and contractual obligations through tailored solutions

After a cyber attack

  • Analysis of the data loss
  • Review of information obligations
  • Setup of a crisis management system with the involvement of IT experts 
  • Possible involvement of law enforcement agencies / possible filing of criminal charges 
  • Fulfillment of information obligations to those affected and supervisory authorities 
  • Support of the company during audits by the supervisory authority 
  • Public relations work 
  • Review and enforcement of damage compensation claims against third parties 
  • Review and defense against damage compensation claims by third parties
We use cookies to optimize and continuously improve our website for you. By continuing to use the website, you agree to the use of cookies. Further information on cookies can be found in our data protection declaration. I agree