Many Swiss company bosses underestimate the risk of cyber attacks

According to a study, the topic of cybersecurity is still underestimated by many Swiss company bosses. Little progress has been made, especially in implementing measures to protect against hacker attacks.

This is evident from a study by the market and social research institute GFS. The key finding: Swiss SMEs still gave cybersecurity a low priority. And a long-term comparison shows that the protective measures are only being implemented hesitantly. “So there is little progress in the fight against cybercrime,” Simon Seebeck, head of the Cyber ​​Risk Competence Center at Mobiliar-Versicherung, said on Tuesday.

More than 500 bosses interviewed

A total of 502 SME managers were questioned about the effects of digitalization and cybersecurity. This is on behalf of digitalswitzerland, the insurance company Mobiliar, the University of Applied Sciences Northwestern Switzerland FHNW, the Swiss Academy of Technical Sciences SATW and the Swiss Digital Security Alliance.

There are certainly companies that describe themselves as so-called ‘digital pioneers’ and are further than average in the technical and organizational implementation of security measures in the IT sector. But such companies are becoming increasingly rare.

Specifically, about a fifth of SMEs surveyed considered themselves “pioneers” in recent years. In this year’s study that was only a tenth.

“In general, it is not just about the technical implementation of security measures,” Seebeck continued. Especially because this is often outsourced to external IT service providers. Above all, organizational measures – such as increasing employee awareness or backing up data – should be taken seriously and addressed accordingly.

Major companies in sight

However, when asked about actual incidents, only about 11 percent of SMB executives said they had already fallen victim to cybercriminals. Once again, more than half of those attacked suffered financial damage.

Overall, small and medium-sized businesses are likely to be less affected by cyber attacks than large companies. According to a study published by consultancy Deloitte about two weeks ago, 45 percent of companies with more than 250 employees have already been the victim of an attack at least once. Of the SMEs surveyed, significantly fewer companies (18 percent) experienced a ‘serious attack’.

In fact, the powerful Russian-speaking ransomware gangs have so far mainly targeted large Western European companies with their cyber attacks. The opportunistic perpetrators prefer victims who are financially strong and relatively easy to attack. However, as more and more internationally active companies effectively secure their IT systems, cybercriminals may start targeting less well-protected smaller companies.

(dsc/sda/awp)