Author: LEUKOS Rechtsanwälte

Cybersecurity as a Management Responsibility: When Are Corporate Directors Liable for “Hacker Attacks”?

In modern corporate governance, the question is no longer whether a company will be targeted by cybercriminals, but only when this will happen. The number of successful cyberattacks is also increasing. For managing directors (GmbH), executive board members, and supervisory board members (AG), this brings a topic into focus that extends far beyond the IT department alone: personal liability for deficiencies in cybersecurity.

Managing Director Liability – Business Judgment Rule

Managing directors constantly face critical business decisions that shape the success of their companies. The economic outcome of these decisions is often uncertain by nature. Investments, strategic realignments, and everyday business operations all involve both opportunities and risks. Effective risk management and well-informed decision-making are therefore essential for sustainable business growth and long-term corporate success.

Austrian corporate law recognizes this business reality and does not hold managing directors liable for every incorrect decision. Instead, it provides an important legal safeguard: the Business Judgment Rule.
This principle clarifies that liability does not depend on whether a business decision ultimately leads to economic success or failure. Rather, the decisive factor is how the decision was made.

Dr. Paul Krepil

Partner | Attorney at Law

Paul Krepil is an attorney at law and partner at LEUKOS Attorneys at Law. His practice focuses on litigation, white-collar crime and (international) arbitration. He has 10 years of experience acting as counsel and defense attorney in cross-border cases. In addition, he has been repeatedly recommended as a Key Lawyer by the renowned legal guide Legal500.

„Paul Krepil was incredibly well prepared and always kept everything together.” – Legal500 (2024)

 

„Paul Krepil knows the case in depth, quick and useful responses. He typically knows even minor details by heart.” – Legal500 (2023)

Professional Background

since 2025
2021 – 2025
2016 – 2021

LEUKOS Attorneys at Law
Cerha Hempel
Wolf Theiss

University of Vienna (Dr.iur. and Mag.iur.), Austria
University of Edinburgh, Scotland

  • Representing a global tech company in mass proceedings concerning alleged GDPR violations.
  • Successfully defending a real estate entrepreneur in criminal proceedings, resulting in an acquittal on all charges including aggravated fraud, fraudulent insolvency and accounting fraud.
  • Strategically resolved a mass claim litigation involving over 120 claims through a combination of successful court proceedings and favorable settlements for the client.
  • Representing a financial institution in enforcement proceedings related to an arbitration award exceeding EUR 200 million.

  • Providing legal advise in enforcement proceedings arising from a multi-million-euro investment arbitration.

  • Cybercrime und inländische Gerichtsbarkeit (ecolex 2025)
  • Schutzmaßnahmen als Haftungsminimierung für Unternehmen und ihre Organe in Brewi/Royer (Hrsg.), Praxishandbuch Cybercrime (Linde 2025)
  • Obstructing Arbitral Proceedings at Their Beginning: A Bumpy Road (Not) to Take in Austrian Yearbook on International Arbitration 2024 (Manz 2024, co-author)
  • Regular presentation and courses for the academy for law and taxes in contract law – “Einführung in das Vertragsrecht” (ARS)
  • Litigation & Dispute Resolution, 2024, 17th Edition, Austria, International Comparative Legal Guide (ICLG, 2024, Co-Autor)
  • The Banking Litigation Law Review – Austrian Chapter, 5th Edition (Law Business Research 2021; Co-Autor)
  • Class & Group Actions 2019: International Comparative Legal Guide, 11th Edition (ICLG 2019; Co-Autor)
  • Foreign Investments in Austria, ABA Section of International Law, Issue 17, August 2018 (Co-Autor)
  • Global Legal Insights – Bribery & Corruption: Austrian Chapter (GLI 2018; Co-Autor)
  • The Class Action Law Review – Austrian Chapter, 2nd Edition (Law Business Research 2017, Co-Autor)

Team

Mag. Claudia Brewi

Partner | Attorney at Law

Claudia Brewi is an attorney at law and partner at LEUKOS Attorneys at Law. Her core practice areas include white-collar crime, cybercrime, litigation and compliance. She has extensive experience as defense or victim’s counsel in complex white-collar cases as well as representing clients in civil disputes with an economic and corporate nexus. In addition, she is a founding and board member of the Austrian White Collar Crime Association (AWCCA).

Professional Background

since 2025
2021 – 2025
2017 – 2021

LEUKOS Attorneys at Law
Paulitsch Law
Wolf Theiss

University of Vienna (Mag.iur.), Austria
University of Oslo, Norway

  • Advising and representing a tax advisor in complex civil proceedings concerning alleged damages in the millions due to alleged incorrect advice; several (partly already legally binding) dismissals of claims were achieved.
  • Successful criminal defense of an entrepreneur from the real estate industry with acquittal on all charges (allegations including aggravated fraud, fraudulent insolvency and accounting fraud)
  • Representation of victims of large-scale crypto fraud cases in Austria, Germany and Switzerland.
  • Acting on behalf of an international IT company as a private party in connection with multi-million-euro in damages arising from embezzlement and money laundering.
  • Online-Presentation – Das österreichische Unternehmensstrafrecht (Verbandsverantwortlichkeitsgesetz): same same but different? (WisteV/AWCCA 2025)
  • Checklist: Aktuelle Cybercrime-Phänomene und Präventionsmaßnahmen für Unternehmen (ecolex 2025)
  • The International Anti-Corruption Academy’s Annual Conference on Global Trends and Challenges in Preventing and Combating Corruption Vortrag: From Corruption to Laundering in Austria/Europe: Legal and Practical Responses to an Evolving Threat (IACA 2025)
  • Co-Editor and Author of Praxishandbuch Cybercrime: Cybercrime – eine Bestandsaufnahme, Online- und Krypto-Betrug, Aktuelle Entwicklungen und Ausblick (Linde 2025)
  • Ecolex Talks – Do’s and Don’ts im Strafrecht (Manz 2025)
  • The International Anti-Corruption Academy’s Annual Conference on Global Trends and Challenges in Preventing and Combating Corruption Vortrag: New trends in AML/CFT from the financial sector perspective (IACA 2024)
  • Presentation at the AML-Conference: AML- und Betrugs-Compliance (ARS Akademie 2024)
  • Strafbarkeit wegen Geldwäscherei durch Unterlassen? (ecolex, co-author)
  • Verschärfung des Korruptionsstrafrechts (ecolex, co-author)
  • Expert panel on risks in the Darkweb (SMJ partners, AWCCA and Darkowl 2023)
  • Presentation at blockchain-REAL: Crypto-Crime – Aktuelle Betrugs- und Geldwäschefälle (Linde und GEWINN 2022)
  • Linde Podcast #96 – Crypto Crime (Linde 2022)
  • The Asset Tracing and Recovery Review – Austrian Chapter, 7th and 8th Edition (Law Business Research 2019 und 2020, Co-Autorin)

Team

Inhouse Outsourced

Outsourced
Legal department

For some companies, maintaining an in-house legal department is not economically viable. Even established legal teams can quickly reach their limits during periods of increased workload or staffing shortages, particularly in legally sensitive situations. We support your business flexibly, quickly and reliably in all legal matters – so you can focus entirely on your core business.

  • Corporate Housekeeping
    Ongoing legal support for companies, from incorporation to amendments of articles of association or changes in shareholder structure.
  • Claim Management
    Coordination and handling of contentious matters including strategic and legal support in disputes and conflicts.
  • Crisis Management and Crisis Communication
    Legal assistance in critical situations as well as strategic guidance on internal and external communication.
  • Data Protection (GDPR)
    Advisory on the implementation of data protection requirements, drafting of guidelines and support during regulatory audits.
  • Contract Drafting and Contract Negotiations
    Drafting of tailor-made contracts to safeguard company interests as well as legal support during negotiations to strengthen the company’s position and minimize risks.
  • Contract Management
    Structured administration, monitoring and adaption of existing contracts including deadline management.
  • Intellectual Property Law and Unfair Competition
    Protection of intellectual property (trademark applications, etc.) and opposing unfair business practices by competitors.

Cyber and Crypto Crime

Digitalization has led to a rapid increase and evolution of crimes in the worldwide web. Cyberattacks can hit both companies and private individuals suddenly and severely. We help you assess complex online crimes from a legal perspective, minimize financial losses and assert your rights effectively.

  • Crypto and Online Fraud
    Initial legal assessment, case analysis and enforcement of claims in cases of crypto fraud, investment and trading scams, romance scams, pig butchering schemes, fake online shops, impersonation scams and similar online fraud schemes.
  • Prevention and Compliance
    Development and implementation of guidelines, trainings and preventive measures to minimize digital risks.
  • Attacks on IT systems
    Legal advice and crisis management in cases of hacking, phishing, ransomware, fraudulent data processing, misuse of access credentials, data forgery and data damage.
  • Online Harassment and Abuse
    Legal support in cases of coercion, threats, stalking, cyberbullying, hate speech and online defamation.
  • Identity Theft and Online Manipulation
    Legal support in cases involving order fraud, CEO fraud, money laundering, data protection breaches and reputational harm.
  • NIS 2 Directive and Data Breaches
    Advice on security requirements, obligations and organizational measures for affected companies. Assistance in managing data protection incidents including data-breach notifications and communication with authorities.

White-Collar Crime

Criminal risks can affect companies and individuals unexpectedly. We provide comprehensive support to handle critical situations professionally, discreetly and with legal certainty. We safeguard your rights throughout all stages of criminal proceedings, guide you through challenging situations and ensure that your position is represented effectively and strategically.

  • Economic Crimes
    Consistent representation in cases of economic and business-related offences such as fraud, fraudulent insolvency, embezzlement, breach of trust, accounting offences, money laundering, misuse of trade or business secrets, forgery and other related matters.
  • Defense in Investigations and Criminal Proceedings
    Support and advice at every stage of criminal proceedings – from initial questioning to dawn raids, seizures, asset freezes and full defense representation before the criminal court.
  • Victim Representation
    Assertion of victims’ rights and claims of private parties or private prosecution to effectively protect economic and personal interests.
  • Corruption
    Legal advice and defense in cases involving abuse of power/office, acceptance of advantages, bribery and other corruption-related offences.
  • Compliance
    Development, optimization and implementation of guidelines, training programs and preventive measures to minimize risks for employees and companies.
  • Internal Investigations
    Discreet and independent clarification of internal matters to minimize criminal liability risks including interviews, document analysis and structured reporting for internal or external use.
  • Appeals and Remedies
    Review and filing of objections, complaints and appeals against acts or decisions of investigative authorities and courts.

Disputes

We represent our clients in contentious disputes before state courts and arbitral tribunals. Our services include enforcing claims, defending against unjustified claims and guiding our clients through payment, enforcement and insolvency proceedings. We also provide strategic support outside of court through assertive correspondence as well as efficient claim and enforcement management.

  • Advising in Civil Law Matters
    Legal advice across all areas of civil law, including damages, warranty, product liability and unjust enrichment.
  • Corporate and Commercial Disputes
    Legal support in shareholder disputes, director and officer liability and matters related to the Business Judgment Rule.
  • Representation before State Courts (Litigation)
    Comprehensive legal representation before state courts in all areas of civil law (i.e. damages claims, declaratory actions and injunctions) including strategic case management and targeted litigation preparation.
  • Arbitration
    Representation in domestic and international arbitration cases under various rules (i.e. VIAC, ICC, UNCITRAL) as well as ad hoc arbitration proceedings.
  • Out-Of-Court Representation
    Preparation of targeted legal demand letters and efficient out-of-court interventions to resolve disputes.
  • (European) Payment Orders
    Supporting with asserting monetary claims including initiating payment orders and representation in objection proceedings.
  • Debt Collection
    Efficient identification, securing and recovery of assets to enforce outstanding claims.
  • Enforcement Proceedings
    Securing and satisfying claims as well as enforcing final judgments through injunctions, seizures, enforced sale of assets and other enforcement measures.
  • Recognition and Enforcement of Foreign Arbitral Awards
    Legal representation in recognition and enforcement proceedings concerning domestic and international arbitration awards.
  • Insolvency Cases
    Legal advice and support with claim submissions as well as representation in insolvency related disputes.