Press release
15 Nov 2023 

Swiss cybersecurity managers see artificial intelligence and the cloud as the biggest security risks

  • 71 percent of Swiss cybersecurity managers are satisfied with how their own company deals with the issue of cybersecurity

  • An average of 14 cyber incidents were registered at Swiss companies last year, compared to 44 at companies worldwide

  • For over 70 percent of Swiss companies, the biggest cyber threats are artificial intelligence, machine learning and the cloud

  • Swiss companies rely on proven technologies for cyber defense, but half say that defensive measures do not adapt quickly enough to new threats

Zurich, 15 November 2023 - Once again this year, the auditing and consulting firm EY conducted a cybersecurity survey of Swiss companies. A clear majority of 71 percent of the Chief Information Security Officers (CISO) and Chief Information Officers (CIO) surveyed are satisfied with how their own company deals with cybersecurity issues. This is significantly higher than the global comparison: only 42% of the 500 companies surveyed for the global EY Cyber Security Study are satisfied with how cyber security issues are handled in their organization. "The sometimes large discrepancy between the global and Swiss results is due in particular to the sector of the participating companies and the functions of the people taking part. In Switzerland, the majority of participating companies come from the financial sector and only CISOs and CIOs took part in the Swiss study. On average, the financial sector has a significantly better cybersecurity maturity than many companies in other sectors," says Tom Schmidt, EMEIA Financial Services Cybersecurity Competency Leader at EY in Switzerland.

Companies worldwide have seen an increase in cyber attacks of around 75 percent in the last 5 years. While an average of 44 cyber incidents were registered at companies worldwide in 2022, there were only 14 such cases in Switzerland. Swiss companies perform very well in terms of response time: according to the survey, they need less than 5 months to respond adequately to cyber incidents, while 76% of companies worldwide need more than 6 months.

Swiss companies are also more optimistic about future developments than their global counterparts: 57% of the Swiss CISOs and CIOs surveyed stated that their company is well prepared for future cyber threats. Globally, 46% of the managers surveyed think so.

These are the findings of the EY Swiss Cybersecurity Leadership Insights Study, for which the CIOs and CISOs of 28 selected Swiss companies were surveyed. More than half of the Swiss companies surveyed belong to the banking and insurance sector. For the global study, CISOs and other executives from 500 large companies from 25 countries with a turnover of over 1 billion US dollars were surveyed.

Threats and challenges from a Swiss perspective

Over 70% of Swiss companies see the biggest cyber threats over the next five years as being primarily in the areas of artificial intelligence, machine learning and the cloud. For Swiss companies themselves, the biggest challenges in dealing with cyber threats are resources and the skills gap. To close this gap, companies are pursuing the following strategies: training/upskilling existing cyber security staff; standardizing and automating security processes to reduce staffing requirements; and prioritizing the retention and recruitment of cyber security staff with diverse backgrounds.

While 46 percent of Swiss CISOs and CIOs surveyed say their organization takes an adaptive rather than a traditional approach to combating and preventing cyber threats and hazards, 75 percent say that the biggest challenges for their organization are the need for a more agile approach. For 75 percent, the biggest challenges are the large attack surface and the balance between security and the speed of innovation. Worldwide, this figure is 52 percent.

The tension between security and speed is also evident in companies' defensive measures: 50 percent of CISOs and CIOs state that their defensive measures are not adapting quickly enough to the rapidly evolving threats. This is consistent with the statement that only 43 percent of respondents see themselves as early adopters. Instead, Swiss companies rely on thoroughly tested technologies and solutions. In this respect, the global respondents see themselves much more clearly than those who use the latest technologies - 65% describe themselves as early adopters.

"In a global comparison, we see that Swiss companies are more reluctant to introduce new technologies such as artificial intelligence. Automated security measures offer additional potential for companies to react more quickly to threats," says Roman Haltinner, EMEIA Eu-rope West Cybersecurity Competency Leader at EY in Switzerland.

According to the respondents, the right behavior with regard to cyber risks has not yet fully arrived in the corporate culture of Swiss companies: Around 60% of the specialist managers surveyed stated that they noticed a lack of compliance with cybersecurity best practices outside of IT departments and that cybersecurity was perceived as purely an IT problem. "It is important that correct behavior with regard to cyber risks is practiced throughout the company and becomes a central part of the corporate culture," says Tom Schmidt.

Expenditure on cyber security at Swiss companies

The budgets for IT and cybersecurity at the Swiss companies surveyed remain largely at the same level as in the previous year (2022): 14% of annual turnover was spent on IT in 2022 and 2023. Of these IT budgets, 6 percent (2022) and 7 percent (2023) went to cybersecurity.

39% of the companies surveyed spend between one and 4.9 million Swiss francs on cybersecurity. For 25 percent of companies, this budget is between 10 and 49 million Swiss francs. 22 percent invest less than one million francs and 4 percent spend more than 50 million francs on their cyber security.

Further information on the topic:

Cybersecurity | Insights, case studies & services | EY – Switzerland

About the global EY organization

The global EY organization is a leader in assurance, tax, transaction and advisory services. We leverage our experience, knowledge and services to help build trust and confidence in the capital markets and in economies all over the world. We are ideally equipped for this task — with well-trained employees, strong teams, excellent services and outstanding client relations. Our global purpose is to drive progress and make a difference by building a better working world — for our people, for our clients and for our communities.

The global EY organization refers to all member firms of Ernst & Young Global Limited (EYG). Each EYG member firm is a separate legal entity and has no liability for another such entity’s acts or omissions. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via ey.com/privacy. For more information about our organization, please visit ey.com.

EY’s organization is represented in Switzerland by Ernst & Young Ltd, Basel, with 10 offices across Switzerland, and in Liechtenstein by Ernst & Young AG, Vaduz. In this publication, “EY” and “we” refer to Ernst & Young Ltd, Basel, a member firm of Ernst & Young Global Limited.