Risk management in Switzerland | Links
Federal Constitution of the Swiss Confederation (English version)
Note: English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force.
https://www.fedlex.admin.ch/eli/cc/1999/404/en?utm_source=chatgpt.com
Zur Relevanz des Subsidiaritätsprinzips nach Art. 5a BV im Verhältnis der SRG zu privaten Anbietern (in German)
https://medialex.ch/wp-content/uploads/2019/08/medialex_11_2016.pdf
TREATY ON EUROPEAN UNION
Subsidiarity and Swiss Security Policy
The Swiss National Cyberstrategy (Nationale Cyberstrategie) NCS
Cyber Risk GmbH supports the Swiss National Cyberstrategy (NCS), approved by the Federal Council during its meeting on 5 April 2023. The strategy sets out the objectives and measures with which the federal government and the cantons, together with the business community and universities, will counter cyberthreats.
National Cyberstrategy NCS
https://www.ncsc.admin.ch/ncsc/en/home/strategie/cyberstrategie-ncs.html
National Cyberstrategy NCS, Objectives and measures
https://www.ncsc.admin.ch/ncsc/en/home/strategie/ziele-massnahmen.html
The exchange of information between the private and the public sector
We often read that the public sector must learn from the private sector. We strongly believe that the opposite is more important. The private sector must learn from the public sector.
Governments, including intelligence agencies, spend billions on understanding cyber threats and designing countermeasures. Ignoring the intelligence they release would leave serious gaps in any risk or compliance program.
Our job is to aggregate, interpret, and contextualize this intelligence. Independence doesn’t mean isolation. It means critical, unbiased use of the best available information:
1. Switzerland, NCSC. The National Cybersecurity Centre (Nationale Zentrum für Cybersicherheit) is the Swiss Confederation's competence centre for cybersecurity and thus the first contact point for businesses, public administrations, educational institutions and the general public. It is responsible for the coordinated implementation of the national strategy for the protection of Switzerland against cyber-risks (NCS).
Mandatory notification. From 1 April 2025, critical infrastructures must report critical cyber incidents to the NCSC.
https://www.report.ncsc.admin.ch/en/
In Switzerland, operators of critical infrastructure are required to report cyberattacks to the National Cyber Security Centre (NCSC) within 24 hours of discovery. After submitting the initial report within 24 hours of discovering the incident, they have 14 days to complete their report.
Switzerland’s reporting is harmonized with the European Union’s NIS 2 Directive (Directive (EU) 2022/2555), particularly in the structure, timing, and rationale of incident-notification obligations.
Both accept that the initial report may be incomplete, emphasizing speed over perfection. They recognize the need for threat intelligence sharing and central coordination. Both extend coverage beyond the public sector to private entities performing critical functions.
2. Switzerland, NDB. The Federal Intelligence Service (Nachrichtendienst des Bundes) works for the prevention of terrorism, violent extremism, espionage, proliferation of weapons of mass destruction and their delivery system technology, as well as cyberattacks against the critical infrastructure.
https://www.vbs.admin.ch/de/vbs/organisation/verwaltungseinheiten/nachrichtendienst.html
3. Switzerland, GovCERT. The Computer Emergency Response Team of the Swiss government, the official national CERT of Switzerland.
4. Switzerland, Cybercrimepolice.ch. The Zurich Cantonal Police (Kantonspolizei Zürich) operates www.cybercrimepolice.ch
https://www.cybercrimepolice.ch
5. Switzerland, SKP. The Swiss Crime Prevention (Schweizerische Kriminalprävention) is an agency specializing in the prevention of crime and the fear of crime.
6. Switzerland, Fedpol. The Federal Office of Police.
https://www.fedpol.admin.ch/fedpol/en/home.html
Our websites
a. General, Sectors, Industries.
1. Hybrid Risk
4. Defensive Hybrid Intelligence (DHI)
5. Cognitive Intelligence (COGINT)
6. Legal Intelligence (LEGINT)
7. Algorithmic and AI Intelligence (ALGINT)
8. Synthetic Cognitive Intelligence (SCINT)
9. Hybrid Resilience Initiative (HRI)
10. Cyber Risk GmbH
11. Social Engineering Training
22. Sanctions Risk
23. American Privacy Rights Act of 2024 (APRA)
24. Travel Security
25. Risk management, what is different in Switzerland
b. Understanding Cybersecurity.
4. What is Synthetic Identity Fraud?
6. What is Quantum Risk Management?
c. Understanding Cybersecurity in the European Union.
2. The Digital Operational Resilience Act (DORA)
3. The Critical Entities Resilience Directive (CER)
5. The European Data Governance Act (DGA)
6. The European Cyber Resilience Act (CRA)
7. The Digital Services Act (DSA)
8. The Digital Markets Act (DMA)
10. The Artificial Intelligence Act
11. The Artificial Intelligence Liability Directive
12. The Framework for Artificial Intelligence Cybersecurity Practices (FAICP)
13. The EU Cyber Solidarity Act
14. The Digital Networks Act (DNA)
15. The European ePrivacy Regulation
16. The European Digital Identity Regulation
17. The European Media Freedom Act (EMFA)
18. The Corporate Sustainability Due Diligence Directive (CSDDD)
19. The Systemic Cyber Incident Coordination Framework (EU-SCICF)
20. The European Health Data Space (EHDS)
21. The European Financial Data Space (EFDS)
22. The Financial Data Access (FiDA) Regulation
23. The Payment Services Directive 3 (PSD3), Payment Services Regulation (PSR)
24. The Internal Market Emergency and Resilience Act (IMERA)
26. The European Cyber Defence Policy
27. The Strategic Compass of the European Union
28. The European Space Law (EUSL)
30. The EU-US Data Privacy Framework
31. The European Cloud and AI Development Act
34. The EU Cyber Diplomacy Toolbox
Cyber Risk GmbH, some of our clients
