Introduction
Challenges for cyber security in Switzerland
Switzerland currently faces the following main challenges in relation to cyber security:
- High vulnerability of businesses, authorities, academia and the general population to cyberattacks;
- Insufficient ability to respond to systemically relevant cyber incidents and crises;
- Low maturity of digital products and services, in terms of cyber security and lack of quality control mechanisms thereof;
- Only selective understanding of all aspects of cyber security in business, society and politics;
- Lack of transparency and data, in order to assess information on cyber security and deriving respective political and economic measures in response;
- Limited protection of actors, which are not considered critical infrastructure;
- Lack of coordination and legal grey areas between official and private cyber security instruments.
These challenges lead to cyberattacks often being successful and causing serious economic damage, as well as posing a high risk of failures in national critical infrastructures.
Reports of cyber incidents resulting in damage have risen by around 30% annually in recent years. The number of reports from non-critical infrastructures has roughly tripled in the last 12 months. In 2023, the NCSC processed 187,000 phishing reports and identified, as well as shut down 8,223 websites in Switzerland that were used for phishing. In several hundred cases reported, the NCSC has detected malware in critical infrastructures and has worked with the companies concerned in eliminating it. On average, every 40 hours the NCSC is called on, to provide support in dealing with a malware infection.
SMEs in particular are increasingly being targeted by cyber criminals. Attackers use ransomware attacks to encrypt and steal data. They then demand a ransom for decrypting and preventing publication of the stolen data. These attacks are highly automated, which is why it takes little effort for criminals to attack even small businesses. In Switzerland, around 75% of all businesses generate less than CHF 500,000 in sales per year. It is particularly difficult for these businesses to invest in cyber security. They rely on digital products and services being developed and maintained securely, and on security services being available at low cost.
But the general public is not immune to cyberattacks either. Here, cyber fraud is the main concern. Growing anxiety and a need for information and support are clearly noticeable.
At the same time, Swiss universities and innovative companies are producing attractive cyber security solutions. However, bringing these to the market or even creating global standards is proving a challenge.
The NCSC’s vision
Cyber security is a shared responsibility by government, business, academia and society. Many organisations and individuals find it difficult to assess and deal with cyber risks. A lack of transparency about the security of digital products, leads to uncertainty among consumers and to vulnerabilities. Due to the increasing connection of networks, extensive damage can occur, as a result of inadequately protected systems.
The NCSC's vision is to improve cyber security in Switzerland in close cooperation with all the relevant stakeholders:
Mission: The four strategic pillars of the NCSC
The core mission of the NCSC is to strengthen cyber security in critical infrastructures, the economy, the education system, the population and in government, by coordinating the implementation of the National Cyber Strategy (NCS).
To this end, its services are built on four strategic pillars:
 |
Making cyber threats understandable The NCSC breaks down the complexity of cyber threats into tangible messages for its various audiences, in order to facilitate dialogue between government, business and society on cyber security. Thus, enabling all its partners to take active responsibility in reducing systemic risks. |
 |
Providing the means to prevent cyberattacks The NCSC reduces the attack surface presented by Swiss individuals and organisations in cyberspace. It proactively warns organisations of breaches, and provides them with the requisite intelligence and tooling to help prevent incidents. |
 |
Limiting the damage from cyber incidentsThe NCSC helps victims to limit the damage, as well as to minimise the risk of incidents propagating. |
 |
Increasing the security of digital products and services The NCSC promotes business models, which incentivise manufacturers to offer products and services that are both secure and affordable. It promotes transparency for users so that they can make informed decisions about the cyber security of products and services. |
The NCSC's operational model
Services and cooperations
In order to implement this value proposition as efficiently as possible, the NCSC consolidates and aggregates existing content and information, ensures their quality and conveys them between service providers and recipients in a needs-based fashion.
The NCSC is committed to the cooperation model set out in the NCS and works closely with the cantons, the private sector and universities. The aim of this collaboration is, to pool expertise and to provide mutual support so that the protection against cyber threats can be optimised.
The NCSC creates original content and only provides services itself, if no adequate third-party services are available, if such services cannot be used for the benefit of all, or if they have to be provided directly by the federal government, due to legal requirements or for reasons of confidentiality. In particular, the NCSC also sees itself as an “incubator” that initiates new services for, which there is a need. It will transfer these services to other organisations, as soon as they have reached a certain maturity and can be provided by another body in a better way.
Where possible, the NCSC provides its services in digital form, based on the platform model. Direct services are only provided where absolutely necessary, particularly in connection with incident management support and aspects of awareness-raising. Focusing on the platform model makes it possible to scale the NCSC's services with a manageable use of resources.
To this end, the NCSC has set up and operates a self-service platform, which provides access to information on cyber threats, specific and general recommendations and resources for prevention and information sharing.
Duocuments
Last modification 06.05.2024
