Stepping up the fight against cybercrime in Switzerland

Written by Sarah Reynolds on Tuesday October 24, 2017

Stepping up the fight against cybercrime in Switzerland

Privacy and Switzerland are often seen as synonymous, and whilst Switzerland is no longer seen as a secrecy haven, protecting client data is still a badge of honour for the country. Data protection law in Switzerland has a level of protection like that of the EU Data Protection Directive, and in some respects, is reported to even go beyond EU Law, especially in relation to the protection of data pertaining to legal entities. But in an age of cyber-enabled crime, can Switzerland ensure that data is secure?

Despite establishing the Cybercrime Coordination Unit Switzerland (CYCO) back in 2003, and despite having a national strategy for the protection of Switzerland against cyber risks, when it comes to cyber security legislation Switzerland is considered by some as less advanced than some of its European counterparts. Is this really the case?  

Cyberattacks  

The Swiss business landscape has seen cyberattacks over the last year, which have included:

• the Swiss defence department falling victim to an attack in 2016 which bore similarities to an earlier espionage attack on Ruag, a Bern-based technology company that supplies Switzerland’s military with munition
• in the same year an attack on the Swiss Federal Railway and Swiss Peoples Party (SVP) websites (however a group called the NHSC claimed responsibility stating that they had designed the attached to expose vulnerabilities with the countries technical infrastructure and claimed to have no malicious intentions behind the attack)
• a ransomware called ‘WannaCry’ hit cyberspace in May 2017 (Switzerland however was relatively unscathed with 200 victims noted in the country; relatively low numbers compared to the estimated chaos caused in over 150 countries!)
• malware dubbed ‘NotPetya’ struck in June 2017, and affected at least seven Swiss companies.

KPMG this year produced their third consecutive annual report entitled Clarity on Cyber Security which focused on Swiss businesses. The survey’s goal was to gain an insight into the current state of cyber security in Swiss companies. There were 60 participants in total, 32 from large enterprises (>5,000 FTSEs) and 28 from small and mid-size companies (SMEs). Individual interviews were conducted with C-level partners (CEO, COO, CIO, CMO) from different industries, including the government, financial services, energy and natural resource providers and healthcare.

Astoundingly, 88% of respondents had suffered a cyberattack in the last 12 months, (in comparison to 54% in 2016), highlighting that being the victim of a cybercrime attack is a real, everyday risk to the day-to-day operations of most Swiss businesses. These attacks disrupted business processes in 56% of companies, with 37% having suffered reputational damage and 36% of respondents claiming to have suffered a monetary loss because of the attack.

The human factor is a crucial stimulus in cyber security: human error and social engineering can often play a key role when it comes to data breaches. But it isn’t solely a case of careless users, rather, a design flaw in cyber defence according to KPMG. Another of the survey’s insights revealed that user-friendliness plays a secondary role in cyber security with 66% of respondents stating that their organisation does not systematically work on cyber security measures that are user-friendly, with just 11% consulting a specialist to achieve user-friendly design.

 ‘It may be difficult to cope with the speed of change’ – Matthias Bossardt, Head of Cyber Security, KPMG

The innovation of technology has catapulted in the last few years, creating as many growth opportunities as it has risks. Computer viruses, phishing, attacks by denial of service: the weapons used by cyber-activists and cyber-criminals are as varied as they are dangerous and can affect both individuals and companies.

However, the landscape for the future fight against cybercrime in Switzerland is not all bleak. According to KPMG’s report the Swiss business world has improved and continues to improve in terms of dealing with the threat of cybercrime attacks, with 81% of respondents indicating that they have gained a greater awareness of risks over the last 12 months, 52% saying that they had developed a better understanding of the attackers' motivation, strategy, and tools; and 44% declaring that they feel that the level of cooperation and knowledge exchanged within the security industry has improved, leading to 44% believing that their prediction capabilities had improved.

The Swiss financial sector’s regulatory body – FINMA – is also taking these issues very seriously, having placed more focus on cyber threats, the associated risks and the countermeasures financial institutions are taking. On 1 November 2016, FINMA published a revised version of circular 2008/21 ‘Operational risks – banks’. The Principle 4 of the updated circular on technological infrastructure includes requirements relating to the management of cyber risks. It applies to all banks, regardless of their size or supervisory category, and came into force on 1 July 2017.

As the last 12 months in Switzerland demonstrated, the damage cybercrime is capable of inflicting is no Halloween horror story but a real threat that poses risks to individuals and businesses. Recognising this, Swiss businesses have upped their efforts to tackle it. Criminals will not, however, being taking their foot off the pedal, so it’s crucial that Swiss organisations continue the progress they have made in the fight against cybercrime.

Find out more about ICA qualifications in Switzerland here ►