Bearded IT Technician in Glasses with a Laptop Computer and Black Male Engineer Colleague are Talking in Data Center while Working Next to Server Racks. Running Diagnostics or Doing Maintenance Work.

Cloud security: how Swiss industries can overcome key challenges

Photographic portrait of Tom Schmidt
Tom Schmidt

EY EMEIA Financial Services Cybersecurity Competency Leader; EY Switzerland Financial Services Cybersecurity Leader; Partner, Technology Consulting, Ernst & Young AG

7 minute read 09 Jul 2025
Related topics
Cybersecurity
Financial services
Banking and capital markets
Digital

From data privacy to compliance, cloud security poses a tough challenge – learn how some players are turning challenges into opportunities.

In brief

  • What security threats and compliance concerns make traditional industries hesitant to adopt cloud computing?
  • What are the common challenges that plague cloud migrations?
  • How can companies adopt a sustainable cloud security model that aligns with business strategy and ensures long-term success?

Switzerland’s traditionally cautious stance to adopting new technologies – cloud computing included – is being tested by the accelerating pace of digital transformation. Specifically, heightened concerns around cloud security threats and compliance with tightening regulations have made some industries, most notably those that are heavily regulated, hesitant to embrace the cloud. However, ever mounting business demands and disruptive technologies such as artificial intelligence are shifting the landscape. For many, cloud adoption is no longer optional – it’s an existential imperative.

Common hurdles – perceived and factual

Despite growing recognition of the cloud’s value, several persistent challenges continue to slow down adoption in Switzerland. So what’s holding companies back from migrating to the cloud and how are forerunners rising to the challenge?

1. Data privacy concerns

Data privacy remain a major concern for Swiss businesses. Such concerns revolve around protecting sensitive information stored and processed in the cloud from unauthorized access and other data breaches. The most recent “Cisco 2024 Data Privacy Benchmark Study” finds that “Privacy has become a critical element and enabler of customer trust, with 94% of organizations saying their customers would not buy from them if they did not protect data properly.”

Strong encryption, effective data segregation as well as robust controls are essential to ensure data is protected in cloud-based operations.

2. Cloud security controls and misconfigurations

Misconfigured  cloud resources routinely pose substantial risks. According to the “AWS Cloud Security Report 2022”, 95% of surveyed companies are apprehensive about their cloud security posture in public cloud environments. Cloud misconfigurations are identified as the primary threat to cloud security by 59% of cybersecurity professionals. Moreover, 31% of companies have faced security incidents in the cloud, predominantly due to misconfigurations (28%).

Swiss companies must focus on implementing cloud security controls that align with the country's specific regulatory requirements. This includes adopting centralized security platforms for greater visibility and configuring strict access controls to prevent unauthorized data access and cloud misconfigurations. These measures are essential for ensuring compliance and robust security in Switzerland’s complex cloud environment.

How EY can help

3. Cloud skills and talent shortage

As companies seek to leverage the cloud’s transformative potential, many are grappling with a shortage of personnel proficient in cloud technologies. According to the “Fortinet 2023 Cloud Security Report”,  37% of companies cite the talent gap as their primary challenge. This deficiency not only delays cloud migration, it also poses operational and security risks.

 

The knowledge gap can be bridged by prioritizing both internal training and strategic recruitment for cloud-specific skills. Internal capability building can additionally be complemented by systematically drawing on external expertise in cloud security. With this in mind, successful early adopters are investing in comprehensive training and development programs, focusing on cloud-specific skills and cross-functional collaboration. This approach not only closes the skills gap but also fosters a culture of continuous learning and adaptation, essential for staying ahead of the curve in the ever-evolving cloud landscape.

 

4. Data location and sovereignty

Switzerland’s unique legal landscape – outside the EU but subject to its stringent data protection laws – makes data sovereignty a critical issue. The “Fortinet 2023 Report” finds that 30% of companies cite regulatory compliance and 29% cite data security as cloud adoption barriers.

 

Ensuring that cloud providers meet Swiss data residency and compliance requirements is essential to  address these concerns and mitigate the related risks.

 

Turning challenges into opportunities

Leading companies don’t see challenges to cloud adoption as roadblocks – they see them as a chance to build stronger, more secure and more future-ready organizations. By embracing cloud-native solutions and aligning cloud adoption with broader business objectives, companies can transform security concerns into strategic advantages.

 

Swiss companies – especially in regulated sectors – must take a proactive approach. This means:

  • Making data privacy and sovereignty a priority from day one
  • Adopting robust cloud security controls tailored to regulatory needs
  • Addressing the skills gap through training, recruitment and external support
For Swiss companies, the key is turning caution into confidence.

Tom Schmidt, Partner EY Cybersecurity

Successful trailblazers in regulated industries

More and more, we are seeing organizations with significant operations in highly regulated environments successfully navigating cloud adoption by developing robust, tailored migration strategies. These strategies are built around three foundational pillars:

Cloud adoption, when approached from a strategic vantage point, enables organizations to enhance both operational agility and security resilience. For Swiss industries, the path forward lies in transforming cloud concerns into a competitive edge – turning caution into confidence and challenges into catalysts for innovation.

Summary

Many Swiss companies, particularly those operating in highly regulated sectors, are hesitant to adopt cloud computing due to valid concerns around data privacy, security controls and compliance. In navigating the potential pitfalls, building a sustainable cloud security model is key – one that favors cloud-native technology, a DevSecOps mindset and continuous training to bridge knowledge gaps. By addressing these challenges, companies can transform cloud security concerns into opportunities, aligning cloud adoption with business strategy to enhance efficiency and security in a rapidly evolving digital landscape.

Acknowledgment

We thank Goce Mitovski for his valuable contributions to this article.


Explore how EY can help you with Cybersecurity

Secure Creators can innovate and adopt emerging technology without compromising cybersecurity. Explore our service offering.

Explore Cybersecurity
Contact team now
Diverse business professionals having a discussion during a meeting in a modern office. Team of multicultural businesspeople sharing creative ideas in an inclusive workplace.

Related article

DORA: A new era of Digital Operational Resilience

Discover how the Digital Operational Resilience Act (DORA) enhances cyber resilience. Learn more about DORA implementation today!

Marc Minar

How can cybersecurity go beyond value protection to value creation?

The 2025 EY Global Cybersecurity Leadership Insights Study found that CISOs account for US$36m of each strategic initiative they are involved in. Read more.

Richard Watson + 1

Navigating cyber risks in AI: safeguarding financial services

Deep-dive into critical vulnerabilities that Swiss financial services organizations deploying AI in cloud environments can be exposed to.

Marc Minar

    About this article

    Photographic portrait of Tom Schmidt
    Tom Schmidt
    EY EMEIA Financial Services Cybersecurity Competency Leader; EY Switzerland Financial Services Cybersecurity Leader; Partner, Technology Consulting, Ernst & Young AG
    Focusing on all aspects of information security, cybersecurity, and IT risk management. Passionate about traveling the world and engaging in various sports.
    Related topics
    Cybersecurity
    Financial services
    Banking and capital markets
    Digital

    Request for proposal (RFP) - exclusively for Switzerland

    |

    Submit your request now!

    Submit Request

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Limited, each of which is a separate legal entity. Ernst & Young Limited is a Swiss company with registered seats in Switzerland providing services to clients in Switzerland.