EN / DE / FR / IT
SFMA

Dossier on cyber risks

Cyber risks are one of the most significant operational risks facing financial institutions. SFMA is therefore looking closely at the issue and has increased the intensity of its supervision. This page provides key information on this topic.

At a glance: cyber risk

Below is a list of the relevant content on the topic of cyber risk on the SFMA website.

Cyber risks and outsourcing (2024)

The cyber risks facing the financial market remained high during 2024. Consequently, cyber risk management by the supervised firms was once again a focal point of SFMA's supervisory activities.

Cyber risks (2024)

The Swiss financial sector continues to be a regular target for cyberattacks. The number of reports received by SFMA about successful or partly successful attacks increased by 30% compared with the prior year.

Cyber risks (2023/2)

The cyber risks faced by the financial market remain high. The management of cyber risks was as a result a focal point of SFMA's supervisory activity in 2023.

Cyber risks (2023/1)

Cyber risks remain one of the biggest operational risks for supervised firms. The Swiss financial sector has not been left unscathed by cyberattacks.

Increase in cyber attacks: implementation of on-site supervisory reviews and scenario analyses

In 2022, successful cyber attacks on companies across all sectors hit the headlines once again, both in Switzerland and worldwide. SFMA also identified an increasing number of reported cyber attacks on supervised firms.

Cyber risks 2022

Increasing professionalisation of criminals and ever shorter times between the announcement and exploitation of critical security vulnerabilities are keeping the financial industry on its toes.

Findings from cyber supervision 2021

During the year under review, successful cyber attacks on established companies from all industry sectors, both in Switzerland and the rest of the world, were reported in the headline news. SFMA has also observed an increasing number of reported cyber attacks. Since the entry into force, in September 2020, of the clarifications on the duty to report cyber attacks, as published in SFMA Guidance 05/2020, a total of 95 cyber attacks of substantial importance for the affected institutions have been reported. The worst-affected institutions were banks, followed by asset managers and insurance companies.

Cyber risks 2021

The coronavirus pandemic has given an extra boost to digitalisation. However, greater digitalisation also increases the dependency on information communication technologies, which can give rise to significant vulnerabilities at Swiss financial institutions. For example, IT system outages and disruptions, particularly those resulting from cyberattacks, can jeopardise the availability, confidentiality and integrity of critical services and functions.

New cyber supervisory approach and guidance

Dependency on information and communications technologies continued to rise in 2020. This was driven by the digitalisation strategies pursued by the supervised firms and was intensified even further by the pandemic-driven extensive shifts towards home-office working. This dependency has rendered financial institutions increasingly vulnerable to cyber attacks. SFMA as a result assessed this risk to be even higher than in the previous year. It considers it to be one of the seven top risks faced by the Swiss financial centre.

Cyber risks 2020

The high and ever-growing dependency on and interconnectivity of information and communication technologies gives rise to pronounced vulnerabilities among Swiss financial institutions. For example, outages of and disruptions to IT systems, particularly those resulting from cyberattacks, can jeopardise the availability, confidentiality and integrity of critical services and functions. Depending on the nature of the cyberattack in question, this can have repercussions not only for individual financial institutions but on the functioning of the Swiss financial centre as a whole.

Cyber risks in supervision 2019

Technological progress and the latest trends have led to SFMA stepping up its supervision of cyber risks. These risks are monitored directly, for example through focused on-site audits by SFMA, and monitored by audit firms as part of the regulatory audit process.

Cyber risks

The high and ever-growing dependency on and interconnectivity of information and communication technologies give rise to pronounced vulnerabilities among Swiss financial institutions. For example, outages of and disruptions to IT systems, particularly those resulting from cyberattacks, can jeopardise the availability of critical services and functions.

Cyber risks are a priority for SFMA's supervisory activities

Supervision is focusing on technology-driven risks such as the threat of cyber attacks and the risks associated with outsourcing.

At a glance: the threat of cyber attacks

Swiss banks must guard their infrastructure against various types of attack. In addition to phishing, malware and disruption to the availability of computers, the debilitating scenarios Swiss financial institutions face are growing ever more sophisticated and complex.

Additional documents

The related information for this topic is set out in the following section.

Charts and visual information

Cyberattacken
Cyberattacken
dossier_cyber_rm24
dossier_cyber_rm24
Cyberattacken 23
Cyberattacken 23
Cyberrisiken
Cyberrisiken
JB22
JB22
Cyberrisiken
Cyberrisiken
Cyberrisiken
Cyberrisiken
Documentation image
Documentation image