Cyber attacks on small and medium-sized enterprises are rarely caused by missing tools or weak passwords.
In most cases, they fail because responsibilities are unclear, risks are underestimated, and security is treated as an IT issue instead of a business decision.

In this talk, Jürgen Ebner explains why IT security initiatives in SMEs often fail – even when “everything looks fine on paper”.
He shows how organizational blind spots, false assumptions, and missing ownership create real risks long before a technical incident occurs.

The session focuses on understanding cyber risk from a decision-maker’s perspective, not on technical details.
Participants will leave with a clearer view of where responsibility starts, what questions really matter, and how IT security can become part of business continuity instead of an afterthought.

Target audience: Business owners, executives, decision-makers, non-technical IT responsables
Session type: Keynote / Talk
Duration: 30–45 minutes
Technical level: Non-technical, business-focused