Cybersecurity is losing priority in Swiss SMEs

Given the current geopolitical tensions and existing cyber threats, it is particularly worrying that cyber security is becoming less important for Swiss SMEs. The new representative study «SME Cybersecurity 2025» is based on a survey covering 98 % of Swiss SMEs and shows that many companies probably feel too secure and attach less importance to cyber threats compared to previous years.

Threat remains consistently high, but the response remains sluggish

However, the threats from cyberspace have not diminished. As in the previous year, one in 25 companies (4 %) was affected by a cyberattack in the last three years. 5 % were blackmailed and 4 % lost money through fraudulent emails. Overall, 88 % of SMEs see cybercrime as a serious problem. Nevertheless, only 24 % of decision-makers feel incentives or expectations from their professional environment to invest more in IT security - the urgency does not reach many.

Weak resilience, yet hardly a priority

Confidence in their own defenses is falling significantly: only 42 % of companies consider their protection to be sufficient in the event of an attack - a clear decline compared to 55 % in the previous year. The general feeling of IT security has also decreased slightly: 52 % of companies feel secure (2024: 57 %), while 9 % consider themselves insecure. Despite this development, the topic of cyber security continues to lose importance: for 28 % of SMEs, the topic is no longer a priority - a marked increase compared to 18 % in the previous year. «Either companies consider the consequences of cyber attacks to be too low, or they lack the know-how or resources to give the issue a higher priority. Politics, business and science all have a role to play here in raising awareness,» says Franziska Barmettler, CEO of digitalswitzerland.

Organizational measures are lagging behind

While over two thirds of companies use technical measures such as firewalls or software updates, organizational measures remain severely underdeveloped: Only 30 % of SMEs have an IT security concept, training courses or an emergency plan; only one in five companies even carry out regular IT security audits.

IT service providers are also critical of the situation: only 39 % consider their SME customers to be secure, while 14 % consider them to be inadequately protected. Accordingly, 84 % of IT service providers expect demand for security solutions to increase, while SMEs' willingness to invest continues to fall. Only 40 % are still planning to increase their cyber security measures in the next one to three years (2024: 48 %).

Resilience as the key to digital security

«The results of the study clearly show that resilience is the key to protecting Swiss SMEs from the growing threats of cybercrime. It's not enough to feel safe - companies need to be actively prepared. As an insurance partner, we see it as our task not only to offer financial protection, but also to strengthen our customers» digital resilience. Ideally, this is achieved through a combination of technology, organization and awareness," says Simon Seebeck, Head of the Cyber Risk Competence Centre at Die Mobiliar.

Appeal from the study partners

«The study partners are calling on SMEs to treat cyber security as a strategic issue. More awareness, targeted investments and the involvement of certified IT service providers are needed. The Swiss Digital Security Alliance ADSS particularly recommends the use of CyberSeal-certified partners,» says Andreas W. Kaelin, co-founder and Managing Director of the Swiss Digital Security Alliance ADSS. Marc K. Peter from the University of Applied Sciences Northwestern Switzerland FHNW and HES-SO Valais-Wallis recommends considering cyber security as a success factor in the digital transformation: «Similar to digital topics such as AI and the world of work 4.0, cyber security belongs on the agenda of all members of boards of directors and management boards.»

Source: Alliance Digital Security Switzerland

This article originally appeared on m-q.ch - https://www.m-q.ch/de/cybersicherheit-verliert-an-prioritaet-in-schweizer-kmu/