close

How can we help?

We might not have all the answers but we welcome all questions. Please reach out to us with media inquiries, questions about membership or non-political partnership, ideas or requests. We look forward to hearing from you in any of the official Swiss languages or English.

How can we help? EN
I hereby confirm that I have read and agree with the privacy policy. *

Become a Member or non-political partner.

Do you have any further questions around becoming a digitalswitzerland member or a non-political partner of our foundation? We are happy to have a conversation with you about our offerings.

Become a member or partner EN
I hereby confirm that I have read and agree with the privacy policy. *

close

Newsletter

Get the latest digital thinking direct to your inbox. Join more than 14,000 fellow digital enthusiasts for our regular round-up of the latest news, project updates and ideas to inspire.

Newsletter icon
close

Download document

After subscribing to our newsletter you can download the document.

Newsletter icon

One in twenty people have been the victim of a cyberattack in the last three years – protective measures are often neglected

The Cyber Study 2024 is a representative survey that provides insights into the digital security awareness of SMEs, the population and IT service providers in Switzerland. Although almost all respondents perceive cybercrime as a serious threat, only a few take proactive protective measures–even though four percent of SMEs and IT service providers and five percent of the population have been victims of a cyberattack in the last three years.

In the last three years, four percent of the SMEs surveyed in the Cyber Study 2024 have been victims of a cyber attack, which, extrapolated to Switzerland as a whole, corresponds to around 24,000 companies. 73% of those affected suffered significant financial damage. While 68% of the IT service providers surveyed consider the risk of a cyber attack to be high or very high, more than half of the SMEs surveyed rate the risk of a serious attack as low. This false sense of security could have serious consequences for companies if they do not take action quickly. It is also worrying that four out of ten companies have no emergency plan and no business continuity strategy in the event of a serious cyber attack. “Cybersecurity must be a priority. We can improve digital literacy in SMEs and minimise risks through awareness-raising and training. To this end, Mobiliar has launched a mobile event series called ‘Cyber on Tour’, which offers employees of SMEs the opportunity to experience cyber threats first hand and actively protect themselves against them” says Simon Seebeck, Head of the Cyber Risk Competence Centre at Mobiliar.

High potential through improved organisational and technical measures

Most of the IT service providers interviewed for the study recommend that Swiss SMEs take the issue of security more seriously (43%) and train their staff (29%). When it comes to choosing the right IT service provider, Andreas W. Kaelin, co-founder and managing director of Allianz Digital Security Switzerland ADSS, advises: “IT service providers have a direct influence on the cyber resilience of their SME customers. It is therefore important that they can prove their technical and organisational expertise, for example with the CyberSeal quality seal.”

The study shows that efficient digital tools such as password managers, biometrics and passkeys are only used cautiously in SMEs. Swiss SMEs find it even more difficult to implement organisational measures such as security concepts or to carry out security audits and staff training.

Private individuals rate their own cybersecurity as high

In the last three years, five percent of the private individuals surveyed were affected by a cyber attack. And yet the majority of respondents believe that they are fairly well to very well informed about how to protect themselves from cyber attacks. Around half rate the cyber security of their own household as high. This assessment is at odds with the behaviour of the majority of respondents: for example, over a third of survey participants mostly use the same password for different services, and many do not carry out updates in a timely manner. “The gap between awareness and action is worrying”, emphasises Katja Dörlemann, President of SISA. “While many recognise the importance of cybersecurity, few are taking concrete steps to protect their digital lives. It is crucial that both individuals and companies take proactive steps to mitigate the increasing threats.”

The public wants to know how to protect themselves from cyberattacks

The difference between the perceived and actual threat is also evident in the area of online shopping. Almost three quarters (72%) of respondents are not at all or only rarely concerned about being defrauded on online shops or booking platforms, although 13 per cent of respondents have actually experienced in the last five years paying for something they did not receive.

The study shows that almost two-thirds of respondents would like to be better informed about how to protect themselves online, but that they lack the will or ability to take action. Kristof Hertig, Lead Cybersecurity & Infrastructure, digitalswitzerland, points out: “Cybersecurity information already exists today. However, it needs to be better communicated to the public. In the fast-paced world we live in, cybersecurity is a distant thought for many.”

Need for action: cybersecurity as a shared responsibility

The 2024 Cyber Study emphasises the urgent need for additional precautions against cybercrime to be implemented in both private households and companies. “Small and medium-sized enterprises and private individuals in particular need help to strengthen their resilience”, says Nicole Wettstein of the Swiss Academy of Engineering Sciences (SATW). “Cooperation between companies, IT experts and political decision-makers is key to promoting secure digital everyday life in Switzerland.”

From 18th – 20th June, the Digital Identity unConference Europe (DICE) took part in Zurich. It served as a magnifying glass to the world of digital identities, revealing insights and collaborative efforts across various states, industries and communities.

Swiss E-ID: Addressing the Elephant in the Room

The first day of the unConference contained inputs from representatives in government, business and technology. In a highly anticipated opening statement Federal Councillor Beat Jans, the ‘elephant in the room’ got addressed right away: When and in what form will the E-ID and the associated trust infrastructure  be ready? Mr. Jans clarified the projected timeline and the expected form of the new E-ID infrastructure in Switzerland, as the Swiss parliament is set to pass the necessary legislation in the upcoming fall. The Federal administration envisions a multi-stack approach, relying on different technologies in order to ensure optimal security as well as interoperability. The Federal Councillor’s insights built on the previous rejection of an E-ID project by Swiss voters in 2021. As a consequence, Mr. Jans emphasised that the revised approach aimed to be more transparent and secure, incorporating feedback from various stakeholders to ensure broader acceptance. 

Global Perspectives: E-ID Approaches in Different States and Cultures

Additionally, the first day of the DICE set the Swiss E-ID project in an international context: Discussions explored how other countries are navigating the challenges and opportunities of digital identity systems, highlighting the diverse approaches to E-ID implementations across different regions of the world. From the EU’s eIDAS framework to the US government’s E-ID projects, the discussions underscored the importance of considering cultural and legal differences as well as the challenges regarding interoperability that lie ahead. Interoperability between different E-ID systems holds the premise of  a seamless user experience and broader acceptance, yet it remains a challenging frontier. Various panellists emphasised the need for a steady and well-structured approach when it comes ensuring interoperability.

The unConference format: A Hub for Collaborative Learning

For the remaining days of DICE,the traditional conference format was abandoned. Instead, the unConference format fostered an open, participatory environment where every attendee could contribute and set up their own sessions to discuss a specific topic. This dynamic setup allowed for a fluid exchange of ideas and projects, making it an ideal setting for tackling the multifaceted issues of digital identity.

User Acceptance

A recurring theme was the critical need for trust to achieve broader user acceptance, which was illustrated by discussions surrounding the implementation of the EU identity wallet system. Practical user experience focuses on making interfaces user-friendly and straightforward, with feedback loops to refine the system. Experts pointed to the importance of the wallet’s contextual relevance, accessibility to a vast amount of users, and ability to protect sensitive data. Industry standards can thereby influence its functionalities, while guardianship mechanisms should ensure that users’ rights and data are protected. The recovery process was mentioned as a vital aspect, as it must be robust and user-friendly to mitigate data loss risks and reinforce user trust in the system. By enhancing these aspects, the EU aims to create a digital identity wallet that is not only technologically robust but also widely accepted and used by the public.

Organisational Identity

The concept of organisational identity emerged as a more recent effort within the digital identity sphere. Organisational identity addresses how companies and organisations maintain their unique digital presence securely and consistently in a digital space. As organisations increasingly interact with various digital ecosystems — be it for regulatory compliance, customer engagement, or internal operations — the need for a coherent and secure organisational digital identity becomes paramount. Such an identity thereby encapsulates the organisation’s core attributes, such as its business type, industry standards, and operational roles, ensuring that all transactions and interactions are traceable and verifiable. Additionally, as organisations undergo digital transformations, maintaining a consistent identity across multiple platforms and services is essential to prevent fraud and enhance operational efficiency. Implementing strong authentication and authorization mechanisms can help organisations mitigate risks and enhance trust with partners and customers. 

Quantum Resilience

With quantum computing on the horizon, the unConference also touched upon the need for quantum-resistant digital identities. As quantum computers become more and more powerful in future, they could potentially break many of the cryptographic protocols that current digital identity systems rely on. The digital identity community is increasingly focused on developing quantum-resistant cryptography methods to ensure that digital identities remain secure even as the landscape of computing evolves. The challenge lies not only in developing these new cryptographic standards but also in integrating them into existing digital systems in a way that is seamless and transparent to users. This proactive approach in anticipating quantum resilience will play a vital role in maintaining the long-term security and viability of digital identity systems, safeguarding user data against future technological disruptions and ensuring that the digital identity ecosystem can withstand the next wave of upcoming computing advancements.

The Digital Identity unConference Europe was an innovative and collaborative  ground for sowing the seeds and growing solutions of future digital identity frameworks and technologies. The discussions and insights provided not only a snapshot of current challenges and innovations but also a vision for the path forward — a path characterised by inclusivity, security, and adaptability to future technological shifts.

Study on digitalisation and cybersecurity in SMEs 2022

With the propagated “end” of the pandemic, the flexibility of SMEs is also coming to an end. Primarily working from home has not become established, as the results of the latest study on digitalisation and cybersecurity in SMEs show. The situation is similar with cybersecurity: despite a strong presence in the media, the topic has a low priority among the companies surveyed. The implementation of organisational and technical measures to improve cybersecurity has also not increased. One third of the surveyed SMEs outsource their IT security to external service providers. The quality of the services offered is thus crucial for the security of small businesses in Switzerland.

The survey was carried out on behalf of the Swiss Mobiliar Insurance Company Ltd, digitalswitzerland, Allianz Digitale Sicherheit Schweiz, the University of Applied Sciences Northwestern Switzerland FHNW – Digital Transformation Competence Centre and the Swiss Academy of Engineering Sciences SATW.

Read the study in German. For further analysis, read the Whitepaper in German, French and Italian.

Read the press release in German, French and Italian.

Read the press conference presentation in German.