Municipalities in Germany are not sufficiently prepared for the current IT threat situation. This is the result of a recent study by the cyberintelligence.institute (CII), which was presented today at a joint press conference together with CII supporting member Nord Security.
The cause is inadequate organizational precautions on the part of the municipalities, which are reinforced by a confusing mixture of state, federal and EU law requirements.
With a view to the current legal framework for cybersecurity in municipalities, the authors do not see a quick improvement. Regulations such as the General Data Protection Regulation (GDPR) and the Act on the Federal Office for Information Security (BSIG) are limited in their scope of application in many ways and therefore by no means cover the entirety of municipal cyber risks.
Further results and assistance are summarized on the platform of the study partner NordPass.
From the results, the CII authors Prof. Dr. Dennis-Kenji Kipker and Dr. Tilmann Dittrich LL.M. derive concrete recommendations for municipalities on how to implement best practice:
- Anchoring cybersecurity as a management task
- Establish an all-hazard approach
- Introduce a municipal CISO
- Practicing IT outsourcing securely
- Have an IT contingency plan ready
