Information and communication technology in the DACH region:
An analysis of organizational structures and cybersecurity strategies

The role of the GDCIM

Before we dive into the depths of organizational structures and cybersecurity strategies, it is important to highlight the role of GDCIM (Cooperative for Digitalization, Challenge and Innovation Management). This Swiss-based cooperative acts as a master cooperative for the D-A-CH region and has established itself as a Competence Center for SMEs, liberal professions and private households. Its mission is to strengthen these target groups in the areas of digitalization, cybersecurity, risk and crisis management. It offers a wide range of services, from the provision of SME-specific software and hardware solutions to emergency management. The GDCIM thus represents an important and unique player in the ICT and cybersecurity landscape of the DACH region and offers a sound and comprehensive platform that is highly relevant in both theory and practice.

Organizational structure: A taxonomic view of ICT services

The municipal level: local expertise as a cornerstone

The municipal level acts as the first point of contact for ICT services and is often represented by local service providers. These are responsible for a limited number of households. The maturity level of these service providers, also referred to as maturity level (ML), is between 1 and 2. This implies a basic level of expertise, but this is generally not sufficient for highly complex cybersecurity challenges.

The district and county level: specialization and cooperatives

Specialized ICT/cyber service providers are located at district or county level. These often act as cooperatives and offer a broader range of services. Their maturity level is between 3 and 5, which implies a higher level of expertise and specialized services. This level serves as a link between the local and supra-regional levels and plays a decisive role in the coordination of cybersecurity measures.

The national and cantonal level: continuous availability and expertise

The national or cantonal level is characterized by service providers that ensure 24/7 operations. Their maturity level is between 6 and 9, which implies a high level of expertise and the ability to overcome complex cybersecurity challenges. This level is responsible in particular for coordinating nationwide cybersecurity strategies and measures.

The federal level: rapid response in an emergency and remote support

At the highest level, the federal level, there are service providers who also guarantee 24/7 operation. Their maturity level is also between 6 and 9. In addition, they have a first response team that can be on site within two hours in the event of a cyber incident. Remote hands are available via a central support, situation and information center, which enables a rapid response to a wide range of incidents.

Statistical insights: A quantitative analysis of administrative structures

The statistical data provides a sound basis for analyzing the administrative structures in the respective countries. In Austria, there are 2,093 municipalities, 94 districts and statutory cities, 9 federal states and 358,600 SMEs. In Germany, there are 10,789 municipalities, 400 districts and independent cities, 16 federal states and around 3.2 million SMEs. Switzerland has 2,136 municipalities, 143 districts, 26 cantons and around 607,820 SMEs. These figures illustrate the complexity of administrative structures and provide a quantitative framework for the implementation of ICT services and cybersecurity measures.

Emergency management: a multidisciplinary approach to crisis management

Emergency management is a complex construct that encompasses a wide range of services. These include

• On-site emergency assistance and cyber incident response
• Towing assistance to the IKT workshop
• Information and advice on ICT and cyber issues
• Certifications and attestations
• IT purchasing advice
• ICT Circular Economy Network
• Co-design of the operational organization

These services offer a comprehensive range of reactive and preventive measures aimed at creating and maintaining a safe and efficient ICT environment.

University output: Academic performance as an indicator of expertise

In the academic context, the output of graduates in the STEM subjects (mathematics, IT, natural sciences and technology) is particularly relevant. In Austria, a total of 35,201 people completed a degree course in the 2018/19 academic year. Over two thirds of these graduates continued their studies in a Master’s program. Continuing studies after completing a bachelor’s degree is particularly common in the STEM fields. These academic achievements are an important indicator of expertise in the field of ICT and cybersecurity.

Conclusion: A complex but well thought-out system

The organization and structure of ICT services in the DACH region are complex but well thought out, with different levels of hierarchy enabling efficient and effective service delivery. Statistical data provides a quantitative framework for the implementation of ICT services and cybersecurity measures, while university output offers important insights into the academic landscape and expertise in the field of ICT and cybersecurity.

For more information and details, you can download the full document presented at IKT SIKON 2023 by Dominic Lachat, CEO of NEXGEN GmbH and Johannes Göllner, Chairman of the CRC – Center for Risk and Crisis Management: