Austria - Country Commercial Guide
Cyber Security
Last published date:

Overview

Austria has a medium-sized and well-developed IT sector, which is projected to make industry revenue of $6.7 billion in 2023. The cybersecurity market is one of the fastest growing ICT subsectors in Austria with expected annual revenue growth of 10% from 2023 to 2028. This results in an estimated market volume of $745 million by 2028. This increase is accelerated by a rise in cyber breaches, vulnerabilities revealed during the remote work environment of the pandemic and further prioritization by the Austrian government.

Cybersecurity has become an increasingly important issue in Austria. According to the Federal Criminal Police Office, the total number of reported cyber-crimes in 2022 was 60,195, which is a new record high and an increase of 30.4% compared to 2021. Twelve percent of firms in a recent survey noted that that they have been attacked on a daily basis in the last 12 months. Despite of the increasing number of attacks, only 20% of companies with over 50 employees established a cybersecurity emergency plan.

Austria continues to offer growing export opportunities for U.S. companies, particularly in cyber services that represent 59% of the cyber market. Leading cyber services subsegments include managed services, integration, consulting, education, and training.  Cybersecurity software represents 24.5% and hardware 16.5% of the total cyber market. Despite overall cuts in IT budgets due to the economic impact of the COVID-19 crisis, the increasing threat of cyber-attacks has led to greater spending on and demand for innovative IT security solutions by both the government and private sector.

Market Segments

Austria’s market can be split into three main segments: small- and medium-sized enterprises (SMEs), large companies, and government. Overall, there is a much higher risk awareness and continuous cybersecurity investment by government institutions and the estimated 1,190 larger Austrian businesses with over 250 employees. In Austria, 99.6% of all businesses are SMEs totaling 325,765 entities. Most of these SMEs are only minimally protected by cybersecurity measures, still misjudge the danger of security breaches, and dedicate limited IT budgets for services, software, hardware, and additional IT staff.

In July 2020, the Austrian government established a Joint Cybersecurity Center bringing together resources from the Federal Chancellery, Ministry of Defense and Ministry of Interior. In October 2020, the Federal Criminal Police Office announced to double the number of local IT investigators to probe cases of cybercrime more effectively, which was followed by an announcement of the Federal Chancellery’s Cybercrime Competence (C4) in November 2021 to double its IT investigators as well.

Market Drivers

Even after the pandemic, teleworking or working hybrid, is very common among Austrian firms, which poses many challenges for the individual firms. CEOs and IT professionals see a higher or much higher cyber risk when working remotely. Companies are increasing their focus on security infrastructure around mobile and personal devices.

In the wake of elevated cyber threats becoming more common especially during the COVID crisis, the Austrian government is increasing their activity and initiatives to raise awareness of cybersecurity. Helping in this effort are for the Austrian Trust Circle (ACT) or the Austria Cyber Security Challenge (ACSC).

Current Global Developments

The current global circumstances draw closer attention towards cybersecurity in the public sector as well as in the private sector. With a globally rising threat of cyber-attacks in various forms, many Austrian actors are changing their behavior regarding cybersecurity. In February 2022 the Austrian National Security council declared “a commitment to strengthen Austria’s national and civil defense,” which includes an increase in spending and an expansion in existing military competences in cyber-defense.

Opportunities 

Key trends and cybersecurity sub-sectors driving the Austrian cybersecurity market that open excellent opportunities for U.S. companies include:

  • Cyber defense solutions targeting phishing, malware and ransomware, social engineering, and overall data
  • leakage.
  • Endpoint hardware and software security
  • Security measures to comply with the implementation of cross-industry EU legislation and industry-specific legislation for critical infrastructure. 
  • End-user awareness and continuous cybersecurity training.
  • Cyber insurance (2/3 of Austrian companies are not insured)
  • Market Entry
  • Consider working with an established and qualified reseller, value-added distributor, or systems integrator when entering the Austrian market. In some cases, an existing partner in Germany covers the Austrian market.
  • Establish a direct business presence in Austria when pursuing national security projects with the Austrian government and/or projects with larger professional integrators and/or with critical infrastructure end-users.
  • Consider securing international ISO 27.000 series certification and the Austrian Cyber Trust quality seal, as well as implementing SCO audit reports when building trust among potential Austrian buyers.
  • For public sector procurement contracts, refer to the European Commission’s website.
  • Consider translating and adjusting marketing materials into German, the national language.

Resources  

Trade Shows & Conferences  

ASIS Europe – From Risk to Resilience, Vienna, AT, March 20-22, 2024: https://asiseurope.org

InfoSecurity Europe: London, UK, June 4-6, 2024: https://www.infosecurityeurope.com

Cyber Crime Forum Wien, Vienna, AT, June 18, 2024: https://lsz.at/events/cyber-crime-forum-wien 

IKT-Sicherheitskonferenz: Vienna, AT, September 17 – 18, 2024: https://seminar.bundesheer.at

IT Security Herbst: Vienna, AT, October 10, 2024: https://www.lsz.at/events/it-security-herbst

it-sa: Nuremberg, DE, October 22 to 24, 2024: https://www.itsa365.de/en/it-sa-expo-congress

International Digital Security Forum, Vienna, AT, date to be announced: https://idsf.io

 

Associations, Interest Groups & Research Institutes  

Austrian Security Board (KSÖ): https://kuratorium-sicheres-oesterreich.at

Austria Trust Circle (ATC): https://austriantrustcircle.at/

KIRAS Security Research: https://www.kiras.at/en

Austrian Institute of Technology (AIT): https://www.ait.ac.at

SBA Research: https://www.sba-research.org

Association of Austrian Software Industry (VÖSI): https://voesi.or.at/home-en   

Cyber Security Austria (CSA) Association: https://www.cybersecurityaustria.at  

 

Government Links  

Federal Chancellery (BKA) - Cyber Security Platform (CSP) & Cyber Security Steering Group (CSS): https://www.bundeskanzleramt.gv.at

Ministry of Interior (BMI) - Federal Criminal Police Office (BK) & Cyber Crime Competence Center (C4): https://www.bundeskriminalamt.at/en  

Online Security Portal: https://www.onlinesicherheit.gv.at  

CERT Overview: https://www.onlinesicherheit.gv.at/Themen/Erste-Hilfe/CERTs.html 

 

U.S. Commercial Service Austria, ICT and Cybersecurity Specialist, Robee Sallegue, robee.sallegue@trade.gov