Security culture starts with people The biggest security risk is sitting in front of the

Thousands of cyberattacks on authorities in Bavaria, online attacks on the police and state government of Mecklenburg-Western Pomerania and 80 reported IT security incidents at federal authorities - cyberattacks on the public sector are on the rise, but many municipalities and authorities are not sufficiently prepared for them. There are some significant gaps in cyber security in Germany. ‘Smaller municipalities in particular often do not have the necessary resources or IT security measures to fend off attacks as effectively as specialised companies,’ explains Sven Wagner, Smart City Officer at the digital association Bitkom. According to the Bitkom Economic Security Report 2024, 76% of the companies surveyed consider public administration in Germany to be less well protected than the private sector. The IT security of public authorities is often at least capable of improvement.

Creating more security with a limited budget

A central starting point for more security despite tight budgets is targeted prioritisation. ‘Local authorities need to define which data and systems are particularly worth protecting,’ says Wagner. A blanket implementation of high security standards is often costly without actually making the infrastructure more robust. Wagner recommends the increased use of (multi-)cloud solutions in order to provide security updates quickly and protect data in a decentralised manner. A cyber security strategy is also essential.

Protecting data: IT competence centres as a solution

To protect citizens' data, Wagner points to central IT competence centres: ’They can pool expertise and relieve the burden on small municipalities.’ This means that not every authority has to provide comprehensive protection itself, but this could be done in a network.

Advances in quantum computing also pose new challenges when it comes to protecting against cyber attacks. ‘Data that is encrypted today could be cracked in the future - which is why the switch to quantum-safe cryptography is urgently needed,’ emphasises Wagner.

Security culture starts with people

The biggest security risk is sitting in front of the computer, as security experts say time and again, and Sven Wagner agrees. Alongside the IT infrastructure, people remain the biggest security risk. ‘IT security knowledge must be an integral part of further training for all employees.’ Training and automated security solutions should be combined in order to recognise threats at an early stage.

The Bitkom Academy also offers various seminars and training courses on IT security basics.

What to do after a cyberattack?

And if an attack does occur? Then clear crisis management is crucial. ‘An emergency plan with clear responsibilities helps you to react quickly,’ explains Wagner. Important immediate measures include disconnecting infected devices from the network, analysing the attack and checking backups. ‘Transparent communication with the public and your own employees strengthens trust and minimises damage.’

The podcast ‘You are f****d - Germany's first cyber disaster’ from MDR also provides exciting insights. The podcast reconstructs the cyberattack on the district of Anhalt-Bitterfeld.