Menu
Leonberg, May 19, 2026 – When a municipality is hit by a cyberattack, the first signs don’t show up in server logs—they show up in everyday life. Appointments are canceled, applications go missing, and routine processes break down. What starts quietly can escalate quickly, bringing entire administrations to a standstill. The real weakness lies in the way municipal systems have evolved over time: complex, tightly interconnected, and difficult to secure with isolated fixes. The Federal Office for Information Security has already described the situation as “tense to critical,” warning that public administration is becoming an increasingly attractive target. What’s needed is a more integrated approach—one that brings together organizational structures, processes, and technology, and enables municipalities to keep functioning even under attack.
“Cyberattacks on municipalities are still too often treated as a purely technical issue. In reality, they disrupt the entire administration—and with it, daily life,” says Erik Sterck, Head of DACH at Erik Sterck GmbH. The company works with a network of specialized partners to help municipalities coordinate effective security strategies and embed them sustainably into their existing environments.
Complexity Is the Real Risk
Monday morning, 8:12 a.m. The city’s servers stop responding. Citizens are left standing outside offices because appointments can’t be accessed. The vehicle registration office shuts down, building applications vanish into the void—and in the worst case, even critical infrastructure is affected: traffic lights fail, utility services are disrupted, and internal communication collapses.
“What sounds like a disaster movie scenario is already happening in real life,” says Sterck. “Cyberattacks on municipalities have been rising for years, targeting systems that are often highly complex, historically grown, and difficult to secure.”
Municipalities aren’t single, unified organizations—they’re networks of very different entities operating under one roof. Administrative departments, public utilities, schools, daycare centers, and sometimes even hospitals are all interconnected. Yet many of them rely on their own IT systems, service providers, and security standards. A mix of outdated software, fragmented responsibilities, and increasing digital demands significantly expands the attack surface—while resources remain limited.
“The challenge isn’t one system—it’s how all the systems interact. That’s why security has to be approached holistically: technically, organizationally, and strategically.”
From Phishing Email to Full Shutdown
Most attacks begin quietly but follow a familiar pattern. It often starts with a phishing email or stolen credentials. Once inside, attackers establish a foothold—through compromised user accounts or scheduled tasks—and then move laterally across the network.
They exploit weaknesses in Active Directory environments, poorly segmented networks, or unsecured interfaces, while often already extracting sensitive data in the background. The attack typically only becomes visible in its final stage—when systems are encrypted or services are deliberately shut down. By then, critical applications, databases, and communication channels are often so compromised that normal operations are no longer possible.
“Many attacks go unnoticed for days or even weeks. By the time they’re discovered, the real damage has already been done,” says Sterck.
Resilience Matters More Than Prevention
It’s unrealistic to expect complete protection against cyberattacks. What really matters is whether a municipality can continue to operate during an incident.
That requires more than isolated security measures. It means clearly segmented networks, robust identity and access management, and real-time visibility into security events. Just as important are backup systems that are physically and logically separated from live operations, along with well-defined recovery plans that are regularly tested under realistic conditions.
Only when these technical and organizational elements work together can municipalities maintain control—or recover quickly—when it matters most.
“Operational resilience isn’t built on individual measures, but on coordinated structures that hold up under pressure,” says Erik Sterck. “Our goal is to help municipalities build exactly those structures—and keep them running over the long term.”
About Erik Sterck GmbH
Erik Sterck GmbH, headquartered in Leonberg (Baden-Württemberg), provides consulting services for enterprises in the areas of data centers, cloud-native services, and cybersecurity. A particular focus lies on the automation of operational services, including the use of artificial intelligence. From consulting workshops to implementation, Erik Sterck GmbH offers expert guidance and delivers projects across both virtual server and containerized environments. The company supports nearly 250 mid-sized businesses and enterprises from various industries throughout Germany. Erik Sterck GmbH has received multiple awards for its work — most recently as Pure Storage ELITE Partner 2025, Growth Partner of the Year by keepit, Best Technical Partner by Nutanix, the global award Cyber Recovery Partner of the Year, and DACH Partner of the Year by Arctic Wolf Networks. In addition to its headquarters in Leonberg, the systems integrator maintains branch offices in Cologne, Munich, and Hamburg. Erik Sterck GmbH is part of the TTNL Group. www.eriksterck.de
About the TTNL Group
Committed, results-driven, and dynamic — that’s TTNL, the IT partner that goes the extra mile to help you achieve your goals. With our strategic data solutions, we ensure continuity and an optimized data infrastructure.
Headquartered in Utrecht, the Netherlands, TTNL specializes in data management within hybrid multi-cloud environments. The company focuses on the technical and economic optimization of these complex hybrid multi-cloud infrastructures, ensuring the availability and protection of business-critical data. TTNL has established strategic partnerships with leading companies including IBM, Red Hat, Pure Storage, NetApp, Lenovo, Dell Technologies, VMware, Equinix, Varonis, Veeam, and Rubrik. www.ttnl.io
Press contact
Alice Baumbusch
echolot public relations
Mobil: +49 160 6192248
E-Mail: baumbusch@echolot-pr.de
