The topic of cybersecurity is, of course, not breaking news for companies in Switzerland, but has been a hot topic for years. And with each passing year, the warning voices grow louder that attacks are on the rise and that every company should take consistent action. Pure scaremongering? Not really.

On the one hand, IT is becoming increasingly important in the digitalization of business processes and financial transactions. At the same time, artificial intelligence and other technological innovations are opening up more and more opportunities for cybercriminals. If you don’t act now, you risk financial and legal consequences as well as serious damage to your reputation. 

As software developers from Switzerland, we are actively campaigning for greater cybersecurity at the federal level. In this guide, we show you how to effectively prepare your company, what to do in the event of an attack, and what types of attacks you should be aware of.

To improve cybersecurity in Switzerland, attacks on critical infrastructure such as energy or drinking water supplies have been subject to mandatory reporting since April 1, 2025. If functionality is compromised or if manipulation, information leakage, extortion, coercion, or threats are involved, the incident must be reported to the Federal Office for Cybersecurity (BACS) within 24 hours of discovery. From October 1, 2025, fines will be imposed for failure to report incidents.

What does cybersecurity mean for companies in Switzerland today?

Cybersecurity in Switzerland is directly linked to digitalization – more digital processes increase the vulnerability to increasingly sophisticated cyberattacks. At the same time, digital progress means you can protect yourself better and better against cybercriminals. To this end, cybersecurity at the federal level is a real joint task for technology, politics, and business.

How can you effectively protect your company against cyberattacks?

Attacks on cybersecurity in Switzerland not only cause financial damage, but can also permanently damage your company’s reputation or have legal consequences (data protection issue). One thing is clear: IT security in Switzerland starts in every single company. Here’s what you can do specifically:

• Clear responsibilities: Appoint a responsible person – ideally a Chief Information Security Officer (CISO). This person manages protective measures as part of ongoing prevention and monitoring and takes charge of coordination in the event of incidents.
• Regular employee training: Ongoing training raises your employees’ awareness of cybersecurity and informs them about specific, current threats in Switzerland, such as phishing or fake emails.
• Develop an emergency plan: This should include response strategies that you should test in advance. If your company falls victim to an attack despite all precautions, an incident response plan will ensure that you don’t waste any time and can act quickly and in a coordinated manner.
• Collaboration with an IT security provider in Switzerland: Have your systems checked  regularly by a pentest provider so that you can close security gaps in good time.  
• Strong passwords, multi-factor authentication, and access rights: Require the use of complex passwords and use multi-factor authentication wherever possible. Only give your employees the necessary permissions.
• Regular software updates and audits: Keep known vulnerabilities at bay by continuously updating operating systems and applications. However, it is just as important to continuously check the software security of your applications.
• Focus on network security: Use firewalls, VPNs, and intrusion detection systems to protect networks and detect unauthorized access early on. Incidentally, the Swiss Cyber Security Days are a great opportunity to find out about the latest developments.

What should you do if your company is attacked anyway?

These preventive measures for greater cybersecurity can effectively protect your company, but unfortunately they cannot completely rule out the worst-case scenario. So how should you proceed in the event of a real attack? Ideally, of course, you already have an emergency plan ready to go. In any case, you should clarify the following questions in advance:

1. Who should the incident be reported to and who decides whether it is actually an emergency? Should employees be notified or an IT service provider?
2. Who will form the emergency response team? As a rule, management is on board for coordinated crisis management. The emergency response team assesses the situation and analyzes which systems are affected and what measures are necessary.
3. What immediate measures should be taken?  In order to limit the damage, the first step is usually to isolate the affected systems by disconnecting them from the network or power supply.
4. Are there any apps and systems that should continue to run in emergency mode? If so, how should this be maintained?

What else needs to be done after an incident?

If you do not have an incident response plan, there is only one thing to do: Contact a specialist immediately who will isolate your systems to prevent the cyberattack from spreading and who will also support you with all further steps .

1. Report to the National Cyber Security Center (NCSC) within 24 hours if critical infrastructure is affected.
2. Clear and transparent communication, internally and externally, to maintain trust
3. Identify the cause, close gaps, clean up or reset systems
4. Document all findings and steps for legal and internal purposes
5. Comprehensive evaluation of the attack, optimization of preventive measures

An overview of the most common cyberattacks on companies in Switzerland

Efficient preparation involves not only taking the appropriate measures, but also knowing what you are preparing for. As technological capabilities grow, so does the creativity of cybercriminals, and new players such as states and organized crime are entering the fray. Here is an overview of the current cybersecurity challenges in Switzerland and how you can protect yourself in concrete terms:

Malware

Risk: If basic IT protection is inadequate, malware can be introduced. Malicious programs such as viruses, Trojans, or spyware can infect and damage systems.

Protective measures: Regular software updates for servers and network devices, closing open ports for remote access, multi-factor authentication

Blackmail letters

Risk: Ransomware is used to encrypt data in a system. The victim is then required to pay a ransom to regain access to the data. In addition, cybercriminals often threaten to publish the data if no payment is made.

Protective measures: Do not respond to ransom demands; instead, report the incident to the relevant cantonal police and BACS, identify the point of entry, identify and isolate infected systems (disconnect from the network and Wi-Fi, but do not shut down).

DDoS attacks (Distributed Denial of Service)

Risk: A system is overloaded with a massive flood of requests, causing it to slow down, crash, or become inaccessible to users. The aim of such an attack may be to harm the company, blackmail it, or spread political messages.

Protective measures: Install monitoring systems that detect unusual data traffic at an early stage and raise the alarm; use a DDoS protection solution that only forwards “real” traffic; distribute the load of incoming data traffic across multiple servers and use a short-term scalable infrastructure

CEO fraud

Risk: In the “CEO scam,” employees receive fake calls or emails in which cybercriminals pose as executives in the company and appear very genuine. Their goal is to pressure employees into transferring money to the fraudsters’ account or divulging sensitive information by claiming urgency or confidentiality.

Protective measures: Strict approval processes based on the dual control principle, binding internal communication channels, and raising employee awareness of social engineering—a method of manipulating or deceiving people into revealing confidential information or performing certain actions. 

Greater cybersecurity in Switzerland requires preparation, communication, and vigilant leadership!

Clearly, the best cyberattack is one that leaves the attacker empty-handed. When it comes to cybersecurity in Switzerland, prevention is clearly the priority. After all, an incident not only threatens financial and data losses, but also a loss of trust. To this end, data protection laws must be complied with.

In the event of an incident, it is essential that senior management is on the bridge. From the outset, clear and transparent communication, possibly also with the NCSC, is a key element of effective crisis management. It is best to bring an IT security consultant from Switzerland on board at an early stage to prepare for the worst-case scenario. Any questions? We are happy to help!