Cyberattacks on Swiss Infrastructure: One Attack Per Day Since April 2025

The National Cybersecurity Centre (NCSC) of Switzerland is reporting alarming figures: since April 2025, the authority has registered an average of one significant cyberattack per day on critical Swiss infrastructure. The attacks strike energy suppliers, hospitals, authorities, and SMEs alike.

The Current Threat Landscape

Attack patterns have become more professional:

Ransomware-as-a-Service: Cybercriminal groups offer their attack tools as a service. Even technically inexperienced attackers can carry out professional assaults.

Supply chain attacks: Instead of attacking directly, hackers compromise suppliers and IT service providers to exploit trust through them.

Social engineering: Phishing emails are becoming deceptively real through AI. The error rate in recognizing such emails is increasing.

Zero-day exploits: Unknown security vulnerabilities are actively traded and deployed before patches are available.

Why SMEs Are Particularly at Risk

Small and medium-sized companies are in the focus of attackers – for several reasons:

• Fewer IT security resources than large corporations
• Often suppliers or partners of larger companies (supply chain entry point)
• Frequently outdated systems and patches
• No dedicated security team

Immediate Measures for Companies

The most important steps to minimize risk:

1. Multi-factor authentication (MFA) for all external access

2. Patch management systematized – apply updates promptly

3. Backup strategy implemented and tested according to the 3-2-1 rule

4. Employee training – security awareness is the best perimeter

5. Network segmentation of critical systems

6. Incident response plan created before the emergency occurs

Conclusion

IT security is not a one-time investment, but a continuous process. Companies that invest in security today significantly reduce their risk. We support you in developing a comprehensive security strategy.