Over the last three years, 4% of SMEs surveyed have been victims of a cyberattack, which, extrapolated, represents around 24,000 companies in Switzerland.
The Cyber Study 2024 offers a representative overview of digital security awareness among SMEs, the general public and IT service providers in Switzerland. Although the vast majority of respondents view cybercrime as a serious threat, few take proactive protective measures. However, over the last three years, 4% of SMEs and IT service providers as well as 5% of the population have been victims of a cyberattack.
Over the last three years, 4% of SMEs surveyed have been victims of a cyberattack, which, extrapolated, represents around 24,000 companies in Switzerland. Of these, 73% suffered significant financial losses. While 68% of IT service providers surveyed rate the risk of a cyber attack as high or very high, more than half of SMEs surveyed believe the risk of a serious attack is low. This false sense of security could have serious consequences for businesses that do not take action quickly. It is also worrying that 4 in 10 companies do not have a contingency plan or strategy to ensure business continuity in the event of a major cyber attack. “Cybersecurity must become a priority. Through awareness and training, we can improve digital skills in SMEs and minimize risks. To this end, Mobilière has launched a series of mobile events: ‘Cyber on Tour’ allows employees of SMEs to discover cyber threats in a concrete way and to learn how to actively protect themselves from them,” says Simon Seebeck, head of the Cyber Risk skills center at Mobilière.
Strong potential thanks to improved organizational and technical measures
Most IT service providers surveyed in the study recommend that Swiss SMEs take the topic of security more seriously (43%) and train their staff (29%). When it comes to choosing the right IT service provider, Andreas W. Kaelin, co-founder and director of the Swiss Digital Security Alliance (ASDS), says: “IT service providers have a direct influence on the cyber resilience of their clients. SMEs. It is therefore essential that they can demonstrate their technical and organizational skills, for example through the CyberSeal quality label.”
The study reveals that effective digital tools, such as password managers, biometrics or access keys, are only used to a limited extent in SMEs. Organizational measures, such as implementing security concepts, carrying out security audits and staff training, are met with even more resistance among Swiss SMEs.
Individuals perceive their own cybersecurity as high
Over the past three years, 5% of individuals surveyed have been victims of a cyberattack. However, the majority of respondents believe they have good, or even very good, knowledge of the means to protect themselves against cyberattacks. About half rate their home’s cybersecurity as high. This perception, however, contrasts with the behavior of the majority of respondents: more than a third of survey participants use the same password for different services and many do not regularly carry out the required updates.
“The gap between awareness and practice is worrying,” emphasizes Katja Dörlemann, President, SISA. “Although many people recognize the importance of cybersecurity, few are putting concrete measures in place to protect their digital lives. It is essential that individuals and businesses alike take proactive steps to deal with growing threats.”
The population wants to be better informed about protection against cyberattacks
The gap between threat perception and reality is also evident in the area of online shopping. Around three quarters (72%) of those surveyed have little or no concern about the risk of fraud on online stores or booking platforms, while 13% of them have actually already paid for a product that they they have never received in the last five years.
The study shows that almost two thirds of respondents would like to be better informed about ways to protect themselves online, but often lack the will or skills to take concrete action. Kristof Hertig, head of cybersecurity and infrastructure at digitalswitzerland, explains: “There is already information on cybersecurity, but it needs to be better disseminated to the population. In a daily life where everything moves quickly, cybersecurity remains a distant concern for many.”
Need to act: cybersecurity is a shared responsibility
The 2024 Cyber Study highlights the urgency of implementing additional measures against cybercrime, both in homes and businesses. “Small businesses and individuals in particular need support to strengthen their resilience,” explains Nicole Wettstein of the Swiss Academy of Technical Sciences (SATW). “Collaboration between businesses, IT specialists and policy makers is crucial to promoting a secure digital everyday life in Switzerland.”