With increased digitalisation and the rise in criminal activity, the risk of cyberattacks is growing. The private sector must therefore step up its efforts to defend itself against this risk accordingly. The Swiss Bankers Association recommends that measures be taken to this end in five strategic areas. These relate primarily to the banking sector; however, the economy as a whole will benefit. The key to success in this area will be close collaboration between the authorities and the private sector.
Swiss banks have traditionally met stringent cybersecurity requirements and are already making great efforts in this area. However, a large-scale cyberattack scenario against Swiss banks is more realistic now than ever before. The consequences of such an attack can have a direct impact on the Swiss population and economy, and could potentially result in serious collateral damage. Because it is becoming increasingly difficult for private sector stakeholders to defend themselves on their own, collaboration between the banks as well as with the authorities must be strengthened. There is also an urgent need for greater private sector support from the government.
The Swiss Bankers Association recommends that measures be taken as soon as possible to ensure that Switzerland’s economy as a whole can benefit from an internationally interconnected cybersecurity and data privacy apparatus. This would enable Switzerland to assume a leading position in the area of cybersecurity in international comparison and, in doing so, ensure that it continues to enjoy the trust of investors and customers.
Identification of areas where action is required and the measures to be taken
Where possible, the measures described below supplement existing activities. These include the federal government’s revised National strategy for the protection of Switzerland against cyber risks (NCS), the creation of a cyber campus within the DDPS or the cybersecurity recommendations of the advisory board for the future of the Swiss financial centre, which have largely been incorporated into the revised version of the NCS.
The focus here lies on those measures that are directly related to the fight against cybercrime and apply to the entire banking sector. Measures for individual institutions have been excluded.
- Competence centre for security
The creation of a federal competence centre for security, which bundles and strengthens the corresponding responsibilities within the administration, is the highest priority. The concept for the competence centre should be drawn up with the involvement of the private sector and, in particular, the banks. The aim is to ensure that the competence centre has sufficient resources with the appropriate competencies. The centre will also serve as an important point of contact for the entire private sector.
- Crisis organisation for the banking sector
The creation of a crisis organisation for the banking sector is also a high priority. In order to increase the cyber-resilience of Swiss banks, realistic crisis scenarios must be developed under the leadership of the authorities, a bank-specific crisis organisation set up and regular crisis scenario exercises conducted. The operators of critical infrastructures must be involved.
- User sensitisation
User sensitisation should also be increased. Together with the efforts of the NCS, an awareness campaign for the public should be co-developed under the leadership of the federal government, or other existing resources used. The objective is to highlight particular risks of the internet, including issues relevant to banking, in order to increase the population’s necessary, specific knowledge of cyber risks.
Improvements are needed in education. Sufficient cybersecurity specialists must be trained in level 2 secondary education (secondary schools, specialised secondary schools, vocational secondary schools, apprenticeships) and in tertiary education (universities of applied sciences, universities), to ensure the availability of experts in Switzerland. In addition, cyber-related risks should be integrated into all courses of study in order to strengthen the non-technical cyber competencies of all students.
Collaboration within the finance industry and with the authorities is important and must be increased, as must coordination in the military and civilian domains. Collaboration between the banks and a pooling of resources should in particular be fostered.