One in twenty people have been the victim of a cyberattack in the last three years – protective measures are often neglected

In the last three years, four percent of the SMEs surveyed in the Cyber Study 2024 have been victims of a cyber attack, which, extrapolated to Switzerland as a whole, corresponds to around 24,000 companies. 73% of those affected suffered significant financial damage. While 68% of the IT service providers surveyed consider the risk of a cyber attack to be high or very high, more than half of the SMEs surveyed rate the risk of a serious attack as low. This false sense of security could have serious consequences for companies if they do not take action quickly. It is also worrying that four out of ten companies have no emergency plan and no business continuity strategy in the event of a serious cyber attack. “Cybersecurity must be a priority. We can improve digital literacy in SMEs and minimise risks through awareness-raising and training. To this end, Mobiliar has launched a mobile event series called ‘Cyber on Tour’, which offers employees of SMEs the opportunity to experience cyber threats first hand and actively protect themselves against them” says Simon Seebeck, Head of the Cyber Risk Competence Centre at Mobiliar.

Most of the IT service providers interviewed for the study recommend that Swiss SMEs take the issue of security more seriously (43%) and train their staff (29%). When it comes to choosing the right IT service provider, Andreas W. Kaelin, co-founder and managing director of Allianz Digital Security Switzerland ADSS, advises: “IT service providers have a direct influence on the cyber resilience of their SME customers. It is therefore important that they can prove their technical and organisational expertise, for example with the CyberSeal quality seal.”

The study shows that efficient digital tools such as password managers, biometrics and passkeys are only used cautiously in SMEs. Swiss SMEs find it even more difficult to implement organisational measures such as security concepts or to carry out security audits and staff training.

In the last three years, five percent of the private individuals surveyed were affected by a cyber attack. And yet the majority of respondents believe that they are fairly well to very well informed about how to protect themselves from cyber attacks. Around half rate the cyber security of their own household as high. This assessment is at odds with the behaviour of the majority of respondents: for example, over a third of survey participants mostly use the same password for different services, and many do not carry out updates in a timely manner. “The gap between awareness and action is worrying”, emphasises Katja Dörlemann, President of SISA. “While many recognise the importance of cybersecurity, few are taking concrete steps to protect their digital lives. It is crucial that both individuals and companies take proactive steps to mitigate the increasing threats.”

The difference between the perceived and actual threat is also evident in the area of online shopping. Almost three quarters (72%) of respondents are not at all or only rarely concerned about being defrauded on online shops or booking platforms, although 13 per cent of respondents have actually experienced in the last five years paying for something they did not receive.

The study shows that almost two-thirds of respondents would like to be better informed about how to protect themselves online, but that they lack the will or ability to take action. Kristof Hertig, Lead Cybersecurity & Infrastructure, digitalswitzerland, points out: “Cybersecurity information already exists today. However, it needs to be better communicated to the public. In the fast-paced world we live in, cybersecurity is a distant thought for many.”

The 2024 Cyber Study emphasises the urgent need for additional precautions against cybercrime to be implemented in both private households and companies. “Small and medium-sized enterprises and private individuals in particular need help to strengthen their resilience”, says Nicole Wettstein of the Swiss Academy of Engineering Sciences (SATW). “Cooperation between companies, IT experts and political decision-makers is key to promoting secure digital everyday life in Switzerland.”