14.04.2022 / Case

Internal awareness campaign for information security


Energy industry

Company size

Around 10,000 employees

Project period

November 2021 to March 2022

Campaign period

January to March 2022

Consulting field

Corporate Communications



According to the Allianz Risk Barometer 20221 and the Academic Society’s Communications Trend Radar 20222 cybersecurity is one of the greatest challenges facing businesses. The German Federal Office for Information Security (BSI) currently classifies the situation as “serious to critical”, with some areas even on “code red”. The growing rate of home office use has broadened the scope of attacks for companies. According to a study by the digital industry association Bitkom, cyberattacks inflict €223 billion in damage to the German economy annually. Although many companies are optimising their technical protection, they are still not adequately addressing the actual weak point – human error. In fact, 95 percent of IT security vulnerabilities are created by human error. It is important to note that the methods used by cybercriminals are becoming increasingly sophisticated, which is why no one is immune to them. Against this backdrop, it is all the more important to improve employee awareness of the dangers of the web.


To this end, SKM Consultants designed an internal communications campaign with the following three phases: Information, Awareness and Impact. In the first phase, a common foundation of information is created so that all employees are brought to the same level of knowledge, regardless of their initial IT expertise. The second phase creates greater awareness among employees of the types of threats and their magnitude. In the third and most important phase, this awareness can be used to generate concern and specifically ensure that employees are affected on an emotional level. Central elements of the campaign include a video message from management, interviews with experts and those affected by attacks, and the simulation of an actual hacking attack.


In addition to providing information and raising awareness, the campaign specifically aims to ensure employee participation, so that IT security measures become part of daily work routines.

SKM Consultants’ services during the implementation phase included:

  • Development of a strategic communication concept including core messages
  • Setting up of a dedicated section and info series on the client’s intranet
  • Design of the campaign’s key visuals
  • Multimedia message from management to explain the campaign’s objectives and significance
  • Development of several video podcasts with cyberattack victims and IT security experts
  • Writing of daily cybersecurity tips
  • Creation of virtual checklists
  • Production of an animated explanatory film

Finally, an anonymous employee survey was developed to ensure there was an evaluation of the knowledge gained by the employees.


1 Allianz (2022): Allianz Risk Barometer 2022, unter https://www.agcs.allianz.com/news-and-insights/news/allianz-risk-barometer-2022-press-de.html

2 Academic Society for Corporate Management & Communication (2022): Communications Trend Radar, unter: https://www.akademische-gesellschaft.com/en/research/topics/communications-trend-radar/

3 Bitkom (2021): Angriffsziel deutsche Wirtschaft: mehr als 220 Milliarden Euro Schaden pro Jahr, unter: https://www.bitkom.org/Presse/Presseinformation/Angriffsziel-deutsche-Wirtschaft-mehr-als-220-Milliarden-Euro-Schaden-pro-Jahr

4 Cybintsolutions (2020): 15 Alarming Cyber Security Facts and Stats, unter: https://www.cybintsolutions.com/cyber-security-facts-stats/


picture credits: