Cyber Risk in Switzerland
Switzerland is a remarkably stable and economically strong country that invests more in the health, education and talent of its people than any other country in the world.
Citizens love the extensive cantonal and local autonomy that is based on the idea of subsidiarity, but even the best system has weaknesses. The rule of the people, by the people, and for the people requires citizens who can make decisions in areas they do not always understand, such as cyber risk management. There is only one solution to this problem: cyber risk awareness and training.
According to Johann Wolfgang von Goethe, "Es ist nichts schrecklicher als eine tätige Unwissenheit" (nothing is more terrible than to see ignorance in action). When citizens understand the risks, they will be able to protect themselves, their organization and their commune, canton and country.
The political system in Switzerland is not based on confrontation between a government and its opposition, but is dependent on consensus between political factions. This is of course great in many respects, but it is also true that it takes time to reach consensus and to respond in a rapidly changing environment. It is difficult for the Confederation to enforce strict cyber-security policies in every corner of the country.
Switzerland has an excellent cyber risk management plan. The Federal Council adopted the national strategy for the protection of Switzerland against cyber risks (NCS) on 27 June 2012 and its implementation plan (IP NCS) on 15 May 2013. The next step is the national strategy for the protection of Switzerland against cyber risks (NCS) 2018-2022.
According to the strategy, personal responsibility, national cooperation between the private and public sector, and cooperation with foreign countries are all essential for reducing cyber risks. Digital networking exposes information and communication infrastructure to criminal, intelligence, politico-military or terrorist abuse or functional impairment. Disturbances, manipulation and specific attacks carried out via electronic networks are the risks that an information society entails. It is to be expected that these risks will tend to increase in the future.
The rationale underlying the national strategy is that every organisational unit, be it political, economic or social, bears responsibility for identifying these cyber aspects, addressing the risks entailed in their particular processes and reducing them insofar as possible. The decentralised structures in the public and private sector are to be strengthened for these tasks, and existing resources and processes are to be used consistently.
We must not forget that cybersecurity is a difficult and complex field. The board of directors and senior management of every organization in the public and the private sector must understand that cyber risks are not an IT problem, but an enterprise-wide strategic, legal, and risk management challenge.
Cyber risks have to do with reputation management, the protection of intellectual property and sensitive information, financial loss, and liability in the event of a data breach. Cyber risk management should be given regular and adequate time on the board meeting agenda.
Cyber insurance policies may help reduce a company’s financial liability risk, but they do not prevent cyberattacks and they are unlikely to cover the full financial impact of brand damage and loss in shareholder value. According to Forrester Research, at least 88% of the S&P’s market value consists of goodwill and intangible assets, such as reputation, brand, innovation, processes, know-how, and customer experience.
Cyber Risk GmbH offers cybersecurity awareness and training programs that increase the level of expertise and knowledge across companies and organisations, and assist in the establishment of a culture of cybersecurity.
Our Catalog - Instructor-led training in Switzerland, Liechtenstein, and Germany: www.cyber-risk-gmbh.com/Cyber_Risk_GmbH_Catalog_2019.pdf