Written by Sarah Reynolds on Tuesday October 24, 2017
Stepping up the fight against cybercrime in Switzerland
Privacy and Switzerland are often seen as synonymous, and whilst Switzerland is no longer seen as a secrecy haven, protecting client data is still a badge of honour for the country. Data protection law in Switzerland has a level of protection like that of the EU Data Protection Directive, and in some respects, is reported to even go beyond EU Law, especially in relation to the protection of data pertaining to legal entities. But in an age of cyber-enabled crime, can Switzerland ensure that data is secure?
Despite establishing the Cybercrime Coordination Unit Switzerland (CYCO) back in 2003, and despite having a national strategy for the protection of Switzerland against cyber risks, when it comes to cyber security legislation Switzerland is considered by some as less advanced than some of its European counterparts. Is this really the case?
The Swiss business landscape has seen cyberattacks over the last year, which have included:
KPMG this year produced their third consecutive annual report entitled Clarity on Cyber Security which focused on Swiss businesses. The survey’s goal was to gain an insight into the current state of cyber security in Swiss companies. There were 60 participants in total, 32 from large enterprises (>5,000 FTSEs) and 28 from small and mid-size companies (SMEs). Individual interviews were conducted with C-level partners (CEO, COO, CIO, CMO) from different industries, including the government, financial services, energy and natural resource providers and healthcare.
Astoundingly, 88% of respondents had suffered a cyberattack in the last 12 months, (in comparison to 54% in 2016), highlighting that being the victim of a cybercrime attack is a real, everyday risk to the day-to-day operations of most Swiss businesses. These attacks disrupted business processes in 56% of companies, with 37% having suffered reputational damage and 36% of respondents claiming to have suffered a monetary loss because of the attack.
The human factor is a crucial stimulus in cyber security: human error and social engineering can often play a key role when it comes to data breaches. But it isn’t solely a case of careless users, rather, a design flaw in cyber defence according to KPMG. Another of the survey’s insights revealed that user-friendliness plays a secondary role in cyber security with 66% of respondents stating that their organisation does not systematically work on cyber security measures that are user-friendly, with just 11% consulting a specialist to achieve user-friendly design.
‘It may be difficult to cope with the speed of change’ – Matthias Bossardt, Head of Cyber Security, KPMG
The innovation of technology has catapulted in the last few years, creating as many growth opportunities as it has risks. Computer viruses, phishing, attacks by denial of service: the weapons used by cyber-activists and cyber-criminals are as varied as they are dangerous and can affect both individuals and companies.
However, the landscape for the future fight against cybercrime in Switzerland is not all bleak. According to KPMG’s report the Swiss business world has improved and continues to improve in terms of dealing with the threat of cybercrime attacks, with 81% of respondents indicating that they have gained a greater awareness of risks over the last 12 months, 52% saying that they had developed a better understanding of the attackers' motivation, strategy, and tools; and 44% declaring that they feel that the level of cooperation and knowledge exchanged within the security industry has improved, leading to 44% believing that their prediction capabilities had improved.
The Swiss financial sector’s regulatory body – FINMA – is also taking these issues very seriously, having placed more focus on cyber threats, the associated risks and the countermeasures financial institutions are taking. On 1 November 2016, FINMA published a revised version of circular 2008/21 ‘Operational risks – banks’. The Principle 4 of the updated circular on technological infrastructure includes requirements relating to the management of cyber risks. It applies to all banks, regardless of their size or supervisory category, and came into force on 1 July 2017.
As the last 12 months in Switzerland demonstrated, the damage cybercrime is capable of inflicting is no Halloween horror story but a real threat that poses risks to individuals and businesses. Recognising this, Swiss businesses have upped their efforts to tackle it. Criminals will not, however, being taking their foot off the pedal, so it’s crucial that Swiss organisations continue the progress they have made in the fight against cybercrime.
Thank you. Your comment is awaiting moderation and should appear on the site shortly.
Required fields are not completed, please ensure all required fields (*) have been filled in properly.
You can leave the name empty should you wish to remain Anonymous.