On May 6, 2025, the Swiss Federal Office for Cybersecurity (BACS) published its latest semi-annual report. This report aims to shed light on the cyber threats and Switzerland’s strategic response. In this blog article, we explore the main insights from the report.
Cyber incidents in 2024
In the second half of 2024, 28,165 cyber incidents were reported to BACS. The annual total reached a record 62,594, which is a 28% increase compared to 2023.
Key findings:
- 90% of reports came from individuals; 10% from companies, organizations, and public bodies
- CEO fraud cases increased from 487 in 2023 to 719 in 2024
- The top categories of cyber threats are fraud, phishing, and spam
- Reports of fake prize giveaways tripled in just six months
Cyberattacks methods
Cybercriminals are refining their techniques. Traditional email and SMS attacks are now supplemented by:
- RCS (Rich Communication Services) and iMessage to bypass mobile carrier filters.
- Phone scams involving impersonation of bank employees.
- QR code tampering on public devices like parking meters.
- Spam flooding overwhelms inboxes before targeting victims on messaging platforms.
Alarmingly, Swiss corporate identities are increasingly being misused to spread malware.
The Global Dimension of Cyber Risk
The CrowdStrike software update failure in late 2024 was a stark reminder of digital interdependence. It disabled around 8.5 million systems worldwide, with damages estimated in the billions of dollars. Similarly, recent shifts in the U.S. CVE (Common Vulnerabilities and Exposures) program highlighted the vulnerabilities of relying on centralized global systems.
Such events illustrate the fragility of our digital infrastructure and the urgent need for coordinated international cybersecurity strategies.
New Swiss Regulation: mandatory reporting for critical infrastructure
As of April 1, 2025, Switzerland requires all critical infrastructure operators, including energy providers, transportation systems, and local authorities to report certain cyberattacks to the government within 24 hours.
This regulation was developed in close alignment with EU cybersecurity directives, ensuring cross-border compatibility and smoother information-sharing. Notably, enforcement will be sanction-free for the first six months, allowing organizations to adapt.
Towards a resilient cyber future
Switzerland is actively expanding its international cybersecurity partnerships, working with European and global stakeholders to enhance early-warning systems, accelerate threat intelligence sharing, and strengthen policy alignment.
As a key player in cybersecurity education, Swiss Cyber Institute contributes meaningfully to this vision. By delivering advanced cybersecurity training programs and organizing the Global Cyber Conference, Swiss Cyber Institute plays a pivotal role in equipping current professionals and the next generation of cybersecurity talent with the skills needed to build a more resilient digital future. Additionally, by offering tailored cybersecurity team training, the Institute supports individuals to be more aware of the importance of cyber security and develop practical skills they can apply in both their professional and personal lives.
