Saxony Bolsters Cybersecurity Defenses with New Strategy

The Saxon state government has unveiled a comprehensive cybersecurity strategy aimed at strengthening its defenses against the ever-growing threat of cyberattacks. Approved by the cabinet in Dresden, the strategy seeks to protect state administration, support businesses in their cybersecurity efforts, and raise awareness among citizens about potential online dangers.

Daniela Dylakiewicz, head of the State Chancellery and Commissioner for Information Technology, emphasized the urgency of the situation. "We want to position the administration securely, assist companies with prevention and incident response, and sensitize citizens to the dangers," she stated. Dylakiewicz highlighted the persistent threat landscape, noting that "the topic is more relevant than ever." She warned that "each of us can become victims of cyberattacks, and perhaps already has."

Acknowledging the constant evolution of cyber threats, Dylakiewicz framed cybersecurity as an ongoing race against increasingly sophisticated attackers. However, she stressed that individuals and organizations are not helpless in the face of these threats. The newly adopted strategy represents a proactive approach to mitigating risks and enhancing resilience.

The strategy marks the first time that all state government activities related to cybersecurity are consolidated and coordinated under a unified framework. It encompasses nine key areas of action, outlining both long-term objectives and specific, measurable actions against which the government will be held accountable.

Key Elements of the Cybersecurity Strategy:

• Strengthening State Administration Security: This pillar focuses on fortifying the IT infrastructure and security protocols within state government agencies to protect sensitive data and critical services from cyberattacks.

• Supporting Businesses with Cybersecurity: Recognizing the vulnerability of businesses, particularly small and medium-sized enterprises (SMEs), the strategy aims to provide resources, guidance, and support to enhance their cybersecurity posture. This may include training programs, risk assessments, and assistance with incident response.

• Raising Citizen Awareness: A crucial aspect of the strategy involves educating citizens about the risks of cybercrime and providing them with the knowledge and tools to protect themselves online. This will be achieved through public awareness campaigns, educational materials, and training programs.

• Mandatory Training and Awareness: The strategy includes concrete measures such as annual training sessions for 5,000 citizens, to build awareness, and support. Similarly, it calls for training a minimum of 10,000 government employees each year, aiming to improve their cybersecurity knowledge and practices.

• Regular Emergency Drills: The strategy mandates annual emergency exercises to test and refine cybersecurity incident response plans across various agencies and sectors. These drills are designed to identify weaknesses, improve coordination, and ensure a swift and effective response to cyberattacks.

• Involving Municipal Authorities: The strategy emphasizes the importance of collaboration with local governments in implementing cybersecurity measures. This includes providing resources and training to municipal authorities and integrating them into the state’s overall cybersecurity framework.

Economic Impact of Cybercrime:

Jörg Steinig, the Free State’s Commissioner for Information Security, underscored the significant financial impact of cybercrime, stating that German companies suffered losses of €179 billion in 2024 due to cyberattacks. He emphasized that cyber risks are now considered the top business risk by many organizations.

Steinig highlighted Saxony’s existing efforts to protect its administrative network with a dedicated security shield. However, he acknowledged that SMEs are particularly vulnerable to cyberattacks and require additional support. The new cybersecurity strategy aims to address this vulnerability by providing targeted resources and assistance to help SMEs strengthen their defenses.

Long-Term Vision and Measurable Goals:

The Saxon cybersecurity strategy is not merely a set of short-term measures; it represents a long-term commitment to building a more secure digital environment. By establishing clear goals and measurable actions, the government intends to demonstrate its commitment to cybersecurity and ensure that progress is tracked and evaluated regularly.

The inclusion of specific targets, such as the number of citizens and employees trained annually, and the implementation of regular emergency drills, provides a framework for accountability and ensures that the strategy remains focused on achieving tangible results.

Conclusion:

Saxony’s new cybersecurity strategy represents a significant step forward in protecting the state from the growing threat of cybercrime. By consolidating efforts, setting clear goals, and investing in training and awareness, the government aims to build a more resilient and secure digital environment for its citizens, businesses, and public sector. The strategy’s emphasis on collaboration, continuous improvement, and measurable results demonstrates a commitment to long-term success in the face of an ever-evolving threat landscape. The proactive approach of this initiative underscores Saxony’s dedication to staying ahead of cybercriminals and safeguarding its digital assets. The multi-faceted approach of addressing governmental vulnerabilities, increasing public awareness, and supporting businesses is a well-rounded strategy that should help Saxony to become a leader in cybersecurity.