Cyber Study 2024: protective measures are often neglected

In the last three years, four percent of SMEs surveyed have been the victim of a cyberattack, which corresponds to around 24,000 companies in Switzerland. For 73% of those affected, this resulted in considerable financial damage. While 68% of the IT service providers surveyed consider the risk of a cyberattack to be high or very high, more than half of the SMEs surveyed consider the risk of a serious attack to be low. This false sense of security could have serious consequences for companies if they do not take action quickly.

It is also worrying that four out of ten companies have no contingency plan or business continuity strategy in the event of a serious cyber attack. "Cybersecurity must be a priority. By raising awareness and providing training, we can improve digital literacy in SMEs and minimize the risks. To this end, Mobiliar has launched a mobile event series: 'Cyber on Tour' offers employees of SMEs the opportunity to experience cyber threats first-hand and actively protect themselves against them," says Simon Seebeck. He is Head of the Cyber Risk Competence Center at Mobiliar.

High potential through improved organizational and technical measures

Most of the IT service providers surveyed for the study recommend that Swiss SMEs take the issue of security more seriously (43 %) and train their staff (29 %). When it comes to choosing the right IT service provider, Andreas W. Kaelin, co-founder and Managing Director of Allianz Digital Security Switzerland ADSS, points out: "IT service providers have a direct influence on the cyber resilience of their SME customers. It is therefore important that they can demonstrate their technical and organizational expertise, for example through the CyberSeal seal of approval." 

The study shows that SMEs are reluctant to use efficient digital tools such as password managers, biometrics or passkeys. Swiss SMEs find it even more difficult to implement organizational measures such as security concepts or security audits and staff training.

Private individuals rate their own cyber security as high

In the last three years, five percent of private individuals surveyed have been affected by a cyberattack. And yet the majority of respondents believe that they are well to very well informed about how to protect themselves against cyber attacks. Around half rate the cyber security of their own household as high. This assessment is at odds with the behavior of the majority of respondents: more than a third of survey participants use the same password for different services, and many do not update their passwords promptly.

"The gap between awareness and action is worrying," emphasizes Katja Dörlemann, President, SISA. "While many recognize the importance of cybersecurity, few are taking concrete action to protect their digital lives. It is crucial that both individuals and businesses take proactive steps to mitigate the rising threats."

Population wants information on protection against cyber attacks

The difference between the perceived and actual threat situation is also evident in the area of online shopping. Almost three quarters (72%) of respondents are not at all or rarely worried about being scammed on online stores or booking platforms, although 13% of respondents have actually experienced paying for something they did not receive in the last five years.

Although the study shows that almost two thirds of respondents would like to be better informed about how they can protect themselves online, they lack the will or the skills to take action. Kristof Hertig, Lead Cybersecurity & Infrastructure at digitalswitzerland, points out: "Information on cybersecurity already exists today. But it needs to be better communicated to the public. In fast-paced everyday life, cybersecurity is a distant thought for many."

Need for action: cyber security as a shared responsibility

The Cyber Study 2024 underlines the urgency of implementing additional precautions against cybercrime - both in private households and in companies. "Smaller SMEs and private individuals in particular need help to strengthen their resilience," says Nicole Wettstein, Head of the Cybersecurity Priority Program, Swiss Academy of Engineering Sciences SATW. "Cooperation between companies, IT experts and political decision-makers is the key to promoting a secure digital everyday life in Switzerland."