In an era of rapidly advancing digitalization, the threat posed by cyberattacks looms larger than ever, presenting a formidable challenge for businesses operating in Germany. Recent statistics reveal that approximately one in ten companies in Germany has already fallen prey to cyber breaches. With this concerning trend on the rise, the likelihood of further attacks targeting companies, public institutions, and governmental bodies is expected to escalate.
Facing the intricate landscape of German legal norms and regulations concerning cybersecurity can be daunting for international businesses. At Schlun & Elseven Rechtsanwälte, we understand the complexities involved and offer tailored legal counsel to assist our international clients in Germany in safeguarding their operations effectively. Collaborating closely with esteemed IT forensic experts, we ensure comprehensive protection for your company, addressing both legal compliance and technical security measures. Whether you seek guidance in developing robust emergency security protocols or require assistance in contending with the legal intricacies following a cyber breach, our team is dedicated to providing you with expert advice and support.
Under the stringent provisions of the General Data Protection Regulation (GDPR), companies are obligated to report cyber incidents to the relevant data protection authorities. Our experienced lawyers are ready to clarify your reporting obligations and guide you through the necessary steps to fulfil legal requirements in case of a breach.
Partner with Schlun & Elseven Rechtsanwälte to fortify your company against cyber threats while facing the German legal landscape confidently and precisely. Please do not hesitate to contact us directly for expert legal assistance.
Typical Cases of Cybercrime in Germany
Spam and Phishing Emails
Perpetrators often utilise spam and phishing emails to extract information or data from unsuspecting individuals. These emails typically urge recipients to provide personal data or click on embedded links, redirecting them to deceptive websites masquerading as legitimate ones. Perpetrators may exploit recognisable company names or logos to appear authentic. They usually ask the reader of the email to forward personal data or make payments under a pretext, often stating that it is necessary to enter the data again due to a system error or similar.
Hacker Attacks
The Most Common Cyber Attacks on Companies in Germany
Legal Protection for the Company in the Event of an Attack
Preparation is critical, even in the absence of a prior cyber attack. Understanding and adhering to local legal norms is imperative for international businesses operating in Germany. Special data protection regulations may apply depending on your company’s sector, particularly concerning handling sensitive customer data, a concern often heightened in industries like utilities.
Failure to implement adequate technical and organisational measures (TOMs) to protect sensitive data can pose significant risks. In the aftermath of an attack, such negligence could lead to complications in settling claims, potentially resulting in insurance coverage denial. To preemptively mitigate these risks, engaging the expertise of a seasoned legal firm with a deep understanding of German legal norms is essential.
At Schlun & Elseven Rechtsanwälte, we offer a comprehensive consulting solution tailored to international clients, encompassing legal, technical, and strategic measures. Our collaborative approach, integrating legal experts with IT specialists, ensures proactive legal protection and effective response mechanisms in the event of an acute attack. By proactively securing your company with specialised guidance, you can face the complexities of German legal requirements and fortify your defences against cyber threats. Please do not wait until it’s too late—partner with us to safeguard your company’s interests and confidently uphold compliance standards.
Legal Obligations of the Company after a Cyberattack
In the aftermath of a cyberattack, international businesses operating in Germany face critical legal obligations that demand swift and precise action. Understanding and complying with German law, particularly the stringent provisions of the General Data Protection Regulation (GDPR), is essential to safeguarding your company’s interests.
When a cyberattack compromises your company’s systems, it triggers a reportable data protection incident under Article 33 GDPR. In the event of a personal data breach, timely notification is imperative, as mandated by GDPR guidelines requiring disclosure within 72 hours (Art. 33 para. 1 sentence 1 GDPR). Failing to adhere to this requirement or providing inaccurate information can result in severe penalties, including fines of up to €10 million or 2% of the company’s global turnover (Art. 83 para. 4 lit. a GDPR).
Facing these intricate legal obligations demands expert guidance from a full-service law firm with a deep understanding of German legal norms. At Schlun & Elseven Rechtsanwälte, we offer comprehensive legal support tailored to the needs of international clients. Our team of experienced lawyers specialises in guiding businesses through the complexities of German law, ensuring compliance with GDPR regulations and mitigating risks effectively. Protect your company’s reputation, assets, and bottom line with confidence. Please do not hesitate to contact us to learn more about how we can assist you.
Evidence Preservation and Clarification of the Crime through IT Forensics
As mentioned above, the law firm Schlun & Elseven Rechtsanwälte regularly works with experienced IT forensic experts in Germany to secure the traces of the attackers carefully and thus enable the suspects to be identified quickly. Such an approach facilitates criminal prosecution.
IT forensics can be used to systematically analyse IT attacks and secure evidence that points to the attacker. The aim is to determine who initiated the attack and how the perpetrator can be held accountable. Ideally, IT forensic experts can uncover incidents before any major damage has been done. Once an incident has been unequivocally identified as a cyber attack, appropriate protective measures are taken.
The following methods are used to preserve evidence:
- Analysing the servers for unknown processes (services crashing, messages about unusual logins or failed login attempts, etc.),
- Assessing the end devices (indications of traces being covered or conspicuous files),
- Examining the network infrastructure (logs of unknown users or unusually high traffic).
In preserving evidence, it is crucial that the state of the attacked system is not changed but that the exact state caused by the attacker is reflected. Otherwise, the evidence will not be admissible in court.
Analysing the cyber attack from a technical and legal perspective enables our law firm to guarantee our clients the best possible legal advice. The support of IT forensic experts ensures the meticulous securing of evidence immediately after an attack, thus enabling better prosecution. An interdisciplinary approach that combines legal expertise and processing methods (e.g. data analyses) is essential. We are happy to provide you with preventive support and legal advice following the occurrence of an emergency.
Who is Liable after a Cyberattack on a Company in Germany?
For international businesses operating in Germany, the aftermath of a cyberattack raises critical questions regarding liability and insurance coverage. While cyber insurance policies offer some protection, it’s essential to understand the nuances of German law to ensure comprehensive coverage and mitigate risks effectively.
In the event of a cyberattack causing damage, insurance coverage may not fully address all losses incurred. Determining liability hinges on various factors, including the nature of the attack and its impact on the company. While cyber insurance typically compensates for direct damages and the expenses associated with deploying IT forensic experts, coverage may be contingent on compliance with cyber regulations. In cases where damage has already occurred, we provide comprehensive guidance on applicable liability rules and strategies regarding claims for damages. Through collaboration with IT forensic experts, we ensure meticulous documentation and tracking of cyberattacks, ensuring compliance with legal and technical requirements.
At Schlun & Elseven Rechtsanwälte, we offer tailored legal counsel to international clients seeking clarity on liability issues and insurance coverage following a cyber incident in Germany. Our team assesses whether a reportable data protection incident has occurred and devises robust legal safeguards to protect your company’s interests. Please do not hesitate to contact us directly for expert legal assistance.
Practice Group: German IT Law & Cybercrime
Contact our Lawyers for German Cybercrime Law
Please use our online form to outline your request to us. After receiving your request, we will make a brief initial assessment based on the facts described and provide you with a cost offer. You can then decide whether you would like to engage our services.