Information and communication technology in the DACH region:
An analysis of organizational structures and cybersecurity strategies
The relevance of ICT and cybersecurity in a networked world
At a time when digitalization and networking are growing exponentially, information and communication technology (ICT) is becoming increasingly important. At the same time, the relevance of cybersecurity is increasing in order to guarantee the integrity, confidentiality and availability of data and systems. This article analyses and compares the complex organizational structures and cybersecurity strategies in Austria, Switzerland and Germany. It focuses on the hierarchical structures of ICT services as well as the statistical and academic aspects.
The role of the GDCIM
Before we dive into the depths of organizational structures and cybersecurity strategies, it is important to highlight the role of GDCIM (Cooperative for Digitalization, Challenge and Innovation Management). This Swiss-based cooperative acts as a master cooperative for the D-A-CH region and has established itself as a Competence Center for SMEs, liberal professions and private households. Its mission is to strengthen these target groups in the areas of digitalization, cybersecurity, risk and crisis management. It offers a wide range of services, from the provision of SME-specific software and hardware solutions to emergency management. The GDCIM thus represents an important and unique player in the ICT and cybersecurity landscape of the DACH region and offers a sound and comprehensive platform that is highly relevant in both theory and practice.
Organizational structure: A taxonomic view of ICT services
The municipal level: local expertise as a cornerstone
The municipal level acts as the first point of contact for ICT services and is often represented by local service providers. These are responsible for a limited number of households. The maturity level of these service providers, also referred to as maturity level (ML), is between 1 and 2. This implies a basic level of expertise, but this is generally not sufficient for highly complex cybersecurity challenges.
The district and county level: specialization and cooperatives
Specialized ICT/cyber service providers are located at district or county level. These often act as cooperatives and offer a broader range of services. Their maturity level is between 3 and 5, which implies a higher level of expertise and specialized services. This level serves as a link between the local and supra-regional levels and plays a decisive role in the coordination of cybersecurity measures.
The national and cantonal level: continuous availability and expertise
The national or cantonal level is characterized by service providers that ensure 24/7 operations. Their maturity level is between 6 and 9, which implies a high level of expertise and the ability to overcome complex cybersecurity challenges. This level is responsible in particular for coordinating nationwide cybersecurity strategies and measures.
The federal level: rapid response in an emergency and remote support
At the highest level, the federal level, there are service providers who also guarantee 24/7 operation. Their maturity level is also between 6 and 9. In addition, they have a first response team that can be on site within two hours in the event of a cyber incident. Remote hands are available via a central support, situation and information center, which enables a rapid response to a wide range of incidents.
Statistical insights: A quantitative analysis of administrative structures
The statistical data provides a sound basis for analyzing the administrative structures in the respective countries. In Austria, there are 2,093 municipalities, 94 districts and statutory cities, 9 federal states and 358,600 SMEs. In Germany, there are 10,789 municipalities, 400 districts and independent cities, 16 federal states and around 3.2 million SMEs. Switzerland has 2,136 municipalities, 143 districts, 26 cantons and around 607,820 SMEs. These figures illustrate the complexity of administrative structures and provide a quantitative framework for the implementation of ICT services and cybersecurity measures.
Emergency management: a multidisciplinary approach to crisis management
Emergency management is a complex construct that encompasses a wide range of services. These include
- On-site emergency assistance and cyber incident response
- Towing assistance to the IKT workshop
- Information and advice on ICT and cyber issues
- Certifications and attestations
- IT purchasing advice
- ICT Circular Economy Network
- Co-design of the operational organization
These services offer a comprehensive range of reactive and preventive measures aimed at creating and maintaining a safe and efficient ICT environment.
University output: Academic performance as an indicator of expertise
In the academic context, the output of graduates in the STEM subjects (mathematics, IT, natural sciences and technology) is particularly relevant. In Austria, a total of 35,201 people completed a degree course in the 2018/19 academic year. Over two thirds of these graduates continued their studies in a Master’s program. Continuing studies after completing a bachelor’s degree is particularly common in the STEM fields. These academic achievements are an important indicator of expertise in the field of ICT and cybersecurity.
Conclusion: A complex but well thought-out system
The organization and structure of ICT services in the DACH region are complex but well thought out, with different levels of hierarchy enabling efficient and effective service delivery. Statistical data provides a quantitative framework for the implementation of ICT services and cybersecurity measures, while university output offers important insights into the academic landscape and expertise in the field of ICT and cybersecurity.
For more information and details, you can download the full document presented at IKT SIKON 2023 by Dominic Lachat, CEO of NEXGEN GmbH and Johannes Göllner, Chairman of the CRC – Center for Risk and Crisis Management: