In an audit report, the Court of Auditors identified deficiencies in the City of Vienna’s IT risk management. Appropriate measures to improve cyber security were recommended. Although it was noted that the responsible department “MA 01” has already taken numerous steps in terms of IT infrastructure, there was criticism, for example, that risk management is partly organized in a decentralized manner. Emergency plans were also missing.
