The Swiss SME landscape is under pressure. Paradoxically, while the number of cyberattacks is increasing, small and medium-sized businesses’ confidence in their own digital security is decreasing dramatically. On Thursday, leading industry associations responded with a completely revised defense tool – at the same time, federal authorities warned of a sophisticated wave of phishing.
Die Allianz Digital Security Switzerland (ADSS) presented on December 4th together with the Swiss Insurance Association (SVV) it Cybersecurity Check 4.0. The tool is intended to break a dangerous paralysis: Although threats are increasing, the resilience of SMEs is visibly shrinking.
“Many SMEs know that they have to act, but there is a lack of orientation and clear priorities,” explains Andreas KaelinVice Chairman of the ADSS. “The Cybersecurity Check shows the most important levers – and how to start with realistic steps.”
The revised version focuses on five key pillars specifically tailored to the limited resources of smaller companies:
Advertisement
Many SMEs are aware of the risk of cyber attacks, but there is a lack of clear, practical steps. A free e-book summarizes the current cyber security trends and concrete protective measures – including a priority list for small budgets, awareness measures against phishing and simple technical hygiene tips. Perfect for managing directors and IT managers who want to implement effective measures quickly and without major investments. Download the free cybersecurity guide for SMEs now
- Organization & processes: Create clear responsibilities
- Employees & Awareness: Train staff to recognize threats
- Technical protective measures: Basic hygiene like backups and updates
- Data protection & legal: Compliance with the new Swiss DSG
- External partners: Risk management for IT service providers
Marcel Knecht from the Swiss Standards Association (SNV) emphasizes: “Especially in cybersecurity, where risks are complex and dynamic, standards create reliability. The check translates these principles into clear, practical criteria.”
Federal warning: The “Serafe” phishing trap strikes
Table of Contents
The urgency of the new tool underlines a current warning from the Federal Office for Cybersecurity (BACS). Between December 2nd and 4th, the agency alerted to a fraudulent campaign posing as Seraph spends – the Swiss collection agency for radio and television fees.
The attackers ask recipients via email to verify their “current living situation” or to update address information before the next bill. What makes the attack particularly dangerous: its unusual sophistication.
Victims are guided step by step through a deceptively real fake website. First, the name, date of birth and – this is where it gets critical – AHV numbers queried. Only in the last step does the site request credit card information.
BACS analysts warn: This multi-stage data collection is a strategic “diversionary tactic”. Even if victims become suspicious of the credit card prompt, the attackers already have a complete identity profile – ideal for identity theft.
Sobering numbers: The “SME Cybersecurity 2025” study
This week’s background reveals a disturbing picture. The study “SME Cybersecurity 2025” reveals a dangerous “security fatigue” among Swiss managers:
- Loss of trust: Only 42 percent of Swiss SMEs currently feel adequately protected against cyber attacks – a drastic decline of 55 percent in the previous year
- Shift in priorities: Despite the high threat situation, we now consider 28 percent of SMEs consider cybersecurity “not a priority,” compared to 18 percent in 2024
- Investment backlog: The willingness to invest in protective measures is decreasing – many decision-makers underestimate the financial consequences of a security breach
“The situation is escalating and SMEs are not acting sufficiently,” states the SVV in its announcement on December 4th. The study found that while 88 percent of SMBs recognize cybercrime as a serious problem, this awareness is not reflected in budgets or protocol changes.
Insurers are increasing the pressure
The growing gap between threat and preparedness is creating a dangerous vulnerability in the Swiss economy. The dependence on external IT service providers is particularly under observation. The Cybersecurity Check 4.0 explicitly contains a module for managing external partners – supported by this CyberSeal-Certification program.
“CyberSeal offers SMEs guidance by identifying service providers who demonstrably meet an appropriate security standard,” explains Florian MuffHead of Auditors for CyberSeal at ADSS. This focus suggests that in the future, liability for security breaches could increasingly be shifted to the interface between SMEs and their managed service providers (MSP).
What’s coming in 2025?
Experts predict that AI-powered attacks will make “generic” phishing campaigns like the Serafe scam even more difficult to distinguish from legitimate correspondence in the future.
For Swiss SMEs, the message this week is clear: the era of “security through inconspicuousness” is over. The Cybersecurity Check 4.0 provides companies with a standardized roadmap. Anyone who does not adopt these basic standards not only risks financial losses – but also potentially loss of insurance coverage. Insurers like those at SVV are increasingly demanding proof of resilience before they insure against cyber risks.
The Cybersecurity Check 4.0 is now available to all Swiss companies via the ADSS and partner portals.
Advertisement
PS: Insurers are increasingly demanding proof of resilience – so your insurance coverage can depend directly on your cyber strategy. The free e-book explains which evidence decision-makers should prepare now and shows simple awareness measures against phishing and AI-supported attacks. Practical, without a big budget. Get the free e-book ‘Cyber Security Awareness Trends’
