Get the latest digital thinking direct to your inbox. Join more than 14,000 fellow digital enthusiasts for our regular round-up of the latest news, project updates and ideas to inspire.
After subscribing to our newsletter you can download the document.
The ePower parliamentary group discussed the highly topical and virulent subject of cyber security at its traditional session event on Tuesday evening. National Councillor Franz Grüter, member of the ePower core team, welcomed top-class representatives from politics, administration, business and science. The cross-party audience agreed: cyber security is the order of the day.
The evening was opened by none other than Federal Councillor Ueli Maurer. The head of the Federal Department of Finance left no doubt about the importance of the topic: the cyber threat is one of the four main risks for Switzerland.
The complete article is available in the national language German and French.
The Swiss Digital Initiative presents the world’s first label for digital responsibility. As of now, trustworthy digital services can be identified more easily.
Those offering digital services can declare their digital commitment in a credible manner. Both Swisscom and Swiss Re became the first to receive the Digital Trust Label for their digital services. Credit Suisse is in the midst of the labelling process. Others have committed to following suit.
The Swiss Digital Initiative, a Foundation initiated by digitalswitzerland in 2020, has created over the past two years, the first Digital Trust Label. The Label is a clear commitment to digital responsibility and empowers users of digital services to make better decisions and gives companies a tool to set them apart from their competition and commit to digital responsibility.
Digital services are increasingly part of every aspect of our lives. On a daily basis, we use them from checking the weather in the morning, to interacting with our bank, filing an insurance claim to grocery shopping. In all these interactions, we need to blindly trust that providers’ digital services are working reliably and protect our data. With almost daily news about scandals, data breaches and successful cyberattacks, trust is eroding.
On the other hand, providers investing significant resources and effort into providing safe and trustworthy digital services face difficulties credibly signalling those efforts to customers. Why should one service be considered by customers and regulators as more trustworthy than another?
The Digital Trust Label initiated by the Swiss Digital Initiative addresses both the problems of digital trust and accountability. It is a clear and easily understandable Label that denotes the trustworthiness of a digital service. It shows a clear commitment to digital responsibility, which not only provides customers with much needed transparency and additional information but also gives companies a tool to navigate a rapidly changing regulatory environment and set themselves apart from the competition.
The Label is issued on the basis of an in-depth audit conducted by an independent auditor. The auditor in turn bases his work on the Label criteria catalogue that was developed with the Swiss Digital Initiative’s main partner, EPFL, and experts from diverse backgrounds such as cybersecurity and consumer organisations. The feasibility of such criteria was then tested with the co-development organisations such as SwissRe, Booking.com and Swisscom. The Label criteria catalogue is the result of two years of expert work, user studies and public consultations and ensures practicality as well as leading expertise. To keep up with technological developments and market demand, the Label criteria catalogue will also be continuously updated.
The Digital Trust Label takes into account existing standards and regulatory frameworks such as GDPR and combines the dimensions of security, data protection, reliability and fair user interaction. This combination sets it apart from other Labels that might go into more detail in one dimension but cannot make a comprehensive assessment of trustworthiness. As such, the Label is particularly interesting for digital services where the question of digital trust is of importance, e.g. due to the handling of sensitive data or automated decision-making and other applications of artificial intelligence. For our overarching vision of digital trust, be sure to check out our Digital Trust Whitepaper.
The trend for growing importance of digital responsibility and digital trust is evident, not just by regulatory discussions and actions around the world but also by the fact that the Swiss Digital Initiative has identified around 50 like-minded initiatives globally. Labelling can act as a first step towards a trustworthy digital transformation by showing a clear commitment to digital responsibility.
How can you get the Digital Trust Label for your digital service? Once a company has identified a relevant digital service, the complexity, cost and duration of the audit is discussed in a scoping call with SDI and the auditor. With a price range of CHF 22’000 – 45’000, the Label is primarily designed for business-to-consumer (B2C) and business to business to consumer (B2B2C) digital services with a high user exposure.
After the audit is conducted, SDI experts will perform an additional check and decide on the label award. Once the Label has been granted, the service provider may use it for the audited service. The Label is granted for three years with two quality checks in between. Given technological progress, a repetition of the audit after the initial three-year Label validity period is highly recommended to show continued commitment to trustworthy digital services.
Learn more about the Digital Trust Label here. You can also reach out to Sarah Gaedig, DTL project manager: sarah@sdi-foundation.org
Study on digitalisation and cybersecurity in SMEs 2021
The current study on digitalisation and cybersecurity in SMEs 2021 has revealed that home office has established itself as a place of work for SMEs. Small businesses in Switzerland are demonstrating flexibility. Home office uptake doubled since the start of the Corona crisis. The downside: while a quarter of the companies surveyed were affected by cyberattacks in 2020, more than a third were affected in the current survey. The implementation of technical measures against cyberattacks is at a high level. However, there is much potential in the implementation of organisational measures such as conducting security audits and employee training.
The survey was carried out on behalf of the Swiss Mobiliar Insurance Company Ltd, digitalswitzerland, Allianz Digitale Sicherheit Schweiz, the University of Applied Sciences Northwestern Switzerland FHNW – Digital Transformation Competence Centre and the Swiss Academy of Engineering Sciences SATW.
Read the study in German.
Read the press release is available in German, French and Italian.
Read the press conference presentation in German and French.
The Swiss Digital Initiative (SDI) is in the process of creating the Digital Trust Label (DTL), a label that denotes the trustworthiness of a digital service in clear visual plain non-technical language. It represents a mark of confidence that a service provider takes its promise of meeting consumer expectations seriously.
The DTL is based on a controllable and auditable list of guarantees which a service will provide. The SDI is now conducting an open public consultation on the latest version of the label and welcomes all constructive feedback, inputs and comments until 9 April 2021.
Please find more information on how to be a contributor to the DTL.
First conducted in Switzerland in 2020
8 out of 10 SMEs entrust their digital infrastructures to external IT service providers and also seek advice from them in the area of cybersecurity. However, there is hardly any progress in the implementation of measures to protect against cybercrime. The results of the latest study on digitalisation and cybersecurity in SMEs make it clear: the more companies identify themselves as digital pioneers, the more often they implement technical and organisational measures to strengthen cybersecurity in their company. However, while in previous years around one fifth of the SMEs surveyed always saw themselves as digital pioneers, in 2023 this figure is only around one tenth.
The survey was carried out on behalf of the Swiss Mobiliar Insurance Company Ltd, digitalswitzerland, Allianz Digitale Sicherheit Schweiz, the University of Applied Sciences Northwestern Switzerland FHNW – Digital Transformation Competence Centre and the Swiss Academy of Engineering Sciences SATW.
Published 21 June 2021
As in other sectors, digitalisation and the ageing of society will be drivers for the decline in labour market supply. The ageing of society means that an increasingly large proportion of the population will no longer be available as a workforce. The overarching goal of the study is to capture the skilled labour potential of the 58 – 70 age cohort in ICT and the opportunities to activate that group.
First conducted in Switzerland in 2015; annually updated.
digitalswitzerland supports the annual Swiss Software Industry Survey (SSIS), the largest study in all of Switzerland to examine the industry’s key performance indicators, which is carried out by the Institute of Information Systems at the University of Bern. The SSIS is a long-term survey and provides information on the latest situation, the newest trends and long-term developments in the Swiss software industry.
The complete study results since 2015 until today:
First conducted in Switzerland in 2010; updated every two years.
The number of people working in information and communication technology (ICT) in Switzerland is growing at twice the rate of the overall economy. Every two years, ICT Vocational Training Switzerland, a subsidiary association of digitalswitzerland, considers how many ICT specialists the country will need in the coming eight years.
The complete study results since 2010 until today (only available in German):
First conducted in Switzerland in 2019
From 25 January to 15 February 2019, the market and social research institute gfs-zürich asked one thousand adults in German-speaking and western Switzerland about online security.
The survey shows that about one million people in Switzerland have already been affected by an attack via the Internet. These attacks resulted in financial damage, needed time and expense to put them right or had a stressful emotional impact. Nonetheless, more than half of those affected believe they are sufficiently well informed to be able to protect themselves against such attacks. This conflicting view, at odds with the reality of the damage caused, shows just how important comprehensive awareness-raising activities are.
First conducted in Switzerland in 2017.
More than a third of all Swiss SMEs are affected by cyber-attacks. Most, however, still feel they are well to very well protected, and only 4% of SMEs’ CEOs consider a cyber-attack a significant or very significant risk to their livelihood. These disturbing findings are from the representative survey carried out by market and social research institute gfs-zürich. Trade associations and the government are being pressed to take action to counteract this nonchalance towards cyber-attacks.
First conducted in Switzerland in 2015.
The study shows that job-seeking IT professionals aged 45 and over are well qualified overall. The fact that job market opportunities fall as applicants get older could be related to recruiting filters. There is a lack of transparency in the IT industry due to the lack of a single language for describing capabilities and requirements. The study proposes specific measures to promote opportunities on the labour market for Swiss IT professionals. The measures and recommendations are aimed at applicants/employees, employers and industry associations, educational institutions as well as politicians and administrators.
Thanks to modern infrastructure and location-independent activities, two-thirds of Swiss SMEs were able to respond quickly to the coronavirus lockdown and in many cases could switch easily to working from home. At the start of 2020, an average of 10% of employees worked primarily from home, and during the lockdown this rose to almost four times as many. The numbers fell again after the lockdown, and with 16% of employees now working from home, this equates to a 60% increase compared to the start of the year. While Swiss SMEs demonstrated flexibility, the risks from home offices and digitalisation are underestimated by many companies. Although a quarter of Swiss SMEs have already been victims of a serious cyberattack, two-thirds of SMEs neither hold regular employee training on the subject of cyber security nor have a security concept in place.
From August to October 2020, the market and social research institute gfs-zürich conducted a representative survey of 503 CEOs of small companies (with 4 to 49 employees) in the German, French and Italian-speaking regions of Switzerland on the effects the coronavirus pandemic has had on digitalisation. The survey was commissioned by digitalswitzerland, Mobiliar, the National Cyber Security Centre (NCSC), the School of Business of the University of Applied Sciences and Arts Northwestern Switzerland (FHNW) and the Swiss Academy of Engineering Sciences (SATW).
An overview of the main findings:
Florian Schütz, Federal Cyber Security Delegate, praised the adaptability of Swiss SMEs: “It is really promising to see how much progress even the smaller SMEs in Switzerland have made with regard to their IT infrastructure, and that increasing focus is being placed on cyber security. The lockdown showed how important the digital transformation is for companies to remain adaptable. Many SMEs have recognised this and are accelerating their digitalisation activities. However, the current situation also makes it clear how important it is that we create framework conditions in order to shape cyber security in Switzerland in a way that the opportunities associated with digitalisation can be exploited as much as possible. The federal government plans to further expand its efforts and actively support the general population and businesses in the protection against cyber risks.”
Andreas Hölzli, Head of the Cyber Risk Competence Centre at Mobiliar, explained that “Although Swiss SMEs are investing in IT security, one in four of the SMEs surveyed has already been a victim of a cyberattack. The problem is that organizational measures in particular are often considered less important. Companies need measures that go beyond the technical aspects, including raising awareness among their employees, for instance.”
Prof. Dr Marc K. Peter of FHNW believes that working from home will become an established component of the new working world strategy for “blended working” in the long term: “For many jobs, a combination of working from home and working in the office will become part of everyday life. With this, however, urgent consideration needs to be given to the fact that this will require huge investments in technology and IT at Swiss SMEs.”
For Nicole Wettstein, Cybersecurity Programme Manager at SATW, the large number of SMEs affected by a cyberattack is motivation for driving forward the current awareness-raising activities: “It is crucial that the number of SMEs implementing the minimum measures for basic cyber security protection continues to increase.”
Andreas W. Kaelin, Deputy Managing Director and Head of Cyber Security Dossier at digitalswitzerland, indicated that, “according to the survey, around two-thirds of small businesses rely on the support of external IT service providers. This means we need to urgently take action to make it easier for companies to identify trustworthy IT service providers, because the security of a company relies entirely on the service providers.”
Beyond acknowledging the importance of using new technologies to fight Covid-19, such an app also raises critical questions and concerns: Would it tempt states to increase their surveillance of citizens’ behaviour? How will data protection and privacy be ensured? What would a widespread use of the app mean for our society?
The blog is part of a blog series, which looks at issues that are tackled by the Swiss Digital Initiative (SDI). An initiative, which has been launched in September 2019 by digitalswitzerland and under the patronage of Federal Councilor Ueli Maurer. It aims to promote the responsible use of new technologies through concrete projects. In the last weeks, the need to incorporate ethical principles and values into technologies has become more apparent than ever.
A recent survey by Deloitte revealed that almost two thirds of the Swiss population are in favour of digital contact tracing.
Intermediary results of an ongoing survey conducted by the innovation ethics lab ethix show that participants are willing to use a decentralized model – as promoted in Switzerland – and consider the balance between protection of privacy and contribution of the app to crisis resolution to be acceptable. For those resistant to this, the impact on privacy is disproportional.
In Switzerland, ETH and EPFL are working on an app, based on the DP3T (Decentralized Privacy-Preserving Proximity Tracing) concept, that will use the new Google and Apple contact tracing APIs when they become available. The app is designed to alert users who have been in contact with a person tested positive for the coronavirus. It does not trace the user location, but only traces proximity between users of the app on the basis of Bluetooth. As soon as two app users come into close contact, the proximity tracing app registers the contact as an encrypted “handshake”. If someone tests positive for the coronavirus this person can notify their anonymous contacts registered by the app and stored in a decentralized manner. According to EPFL and ETH, the app will be ready by 11 May.
The app alone is not the solution, but must be part of a larger strategy combined with additional measures (e.g. comprehensive testing).
For the app to be effective, it must be used by as many people as possible. Trust in the app is therefore essential. A key to trust is to ensure that the app meets the highest standards of privacy and security and maintains appropriate control mechanisms. The following main criteria must be fulfilled.
Both the Federal Data Protection Commissioner, Adrian Lobsiger, and the National Ethics Committee gave green light for digital contact tracing under specific conditions. They emphasised above all the consensus aspect: every step must be voluntary and without compulsion, even after installation. The Federal Council announced that the use of the app will be voluntary in Switzerland.
It is crucial that the application ensures user data privacy and enables user control over their data. It should therefore be open sourced to allow other software developers to review how it is built. As for the Swiss solution, both the documentation and a sample implementation are available on GitHub.
The approach adopted by DP3T aims to provide maximum security and privacy for the end user. This decentralized storage and processing of data is an important, trust-building principle. Anonymity of the user is guaranteed.
Temporally limited, necessary, proportionally and scientifically validated
The Oxford Digital Lab published guidelines for digital tracking and tracing systems and stressed that measures infringing on fundamental rights must be time-bound, and meet standards of necessity, proportionality and scientific validity.
To summarize, from a technical point of view the Swiss solution seems to fulfill the main criteria for a trustworthy app and develops its app on the basis of “privacy by design” principles. Other countries like Germany, which pursued a central approach in the beginning, switched to a decentralized approach according to the “Swiss model”. In addition to the technical and privacy criteria, the Federal Council will need to stand united behind the app with a broad alliance of civil society, economy and science.
Open questions remain: How can we ensure the fairness of the app, how can we prevent the digital divide from widening or avoid discrimination of people who do not want or cannot use the app? What if it is not the state, but for example shops, that make it mandatory for their customers to use the app? Another point is the international compatibility: On 20 April, 43 contact tracing apps were available globally – would we have to switch to a local app when crossing the border?
The situation around Covid-19 is continuously evolving and even though science can base its recommendations on data sets and models, it is an unprecedented crisis and predictions are difficult to make. Time is crucial and all necessary means should be explored to get back to normality. To ensure that our freedom and our democratic systems are not restricted, this should happen in a responsible manner. The use of a contact tracing app must remain on a voluntary basis and be understood as one measure among many, as part of a larger strategy. Measures should be based on scientific evidence and be evaluated on the way. Communication, coordination and trust is key. The “Swiss solution” values strong privacy and data security aspects. And isn’t it a paradox: Most of us use many different apps and devices in our everyday life, sharing our data and information without a second thought, with our personal data often being commercially exploited by others.
We can only speculate on what the long-term impact of the use of the proximity app will be on our society and democracy. Waiting would be the wrong strategy. Switzerland should test new solutions, within the bounds of its unique democratic system, where inclusion, cross-sector collaboration and a pragmatic solution-oriented approach is part of its success story. Yet, a broad societal discussion on the long-term effect and proportionality of proximity tracing apps should take place.
Get the latest digital thinking direct to your inbox. Join more than 14,000 fellow digital enthusiasts for our regular round-up of the latest news, project updates and ideas to inspire.
Sign up
