Starting April 1, 2025, operators of critical infrastructures in Switzerland are required to report cyberattacks to the Federal Office for Cybersecurity (BACS) within 24 hours of their discovery. This measure aims to enhance the resilience and security of essential services such as energy and drinking water supply, transport companies, and cantonal and municipal administrations.
Who Is Affected by the Reporting Obligation?
The reporting obligation applies to organizations that ensure essential societal functions. The affected sectors include:
- Authorities: Administrations at all levels of government, including cantonal and municipal administrations.
- Energy: Energy supply companies, including electricity and gas suppliers.
- Disposal: Organizations responsible for waste and wastewater disposal.
- Finance: Banks, insurance companies, and other financial service providers.
- Health: Hospitals, clinics, and other healthcare facilities.
- Information and Communication: Telecommunications providers, internet service providers, and media companies.
- Food: Companies involved in food production and supply.
- Public Safety: Police, fire departments, and emergency services.
- Transport: Transport companies, including public transport operators and logistics companies.
These sectors have been identified as their services are indispensable for the functioning of society and the economy. The reporting obligation enables BACS to assist affected parties in managing cyberattacks and to warn operators of critical infrastructures at an early stage.
Details of the Reporting Obligation
The reporting obligation pertains to cyberattacks that:
- Endanger the functionality of the affected critical infrastructure,
- Have led to manipulation or leakage of information, or
- Are associated with extortion, threats, or coercion.
Violations of this reporting obligation may result in fines starting October 1, 2025.
Importance of Penetration Testing in the Context of the Reporting Obligation
Given the new legal requirements, it is increasingly important for operators of critical infrastructures to implement proactive security measures. Penetration tests, also known as pentests, play a central role in this context. They simulate targeted cyberattacks on IT systems to identify and remediate vulnerabilities before they can be exploited by actual attackers.
Advantages of Penetration Testing
- Early Detection of Vulnerabilities: By uncovering security gaps, companies can take preventive measures and thus minimize the risk of successful cyberattacks.
- Compliance with Legal Requirements: Regular pentests support companies in meeting compliance requirements.
- Protection of Sensitive Data: Identifying and addressing security gaps reduces the risk of data leaks, ensuring the protection of confidential information.
Zerberos: Your Partner for Comprehensive Penetration Testing
As an experienced provider in the field of IT security, Zerberos offers tailored penetration tests specifically designed to meet the needs of operators of critical infrastructures. Our team of experts utilizes the latest techniques and methods to thoroughly examine your systems and provide you with detailed reports and practical recommendations.
Why Choose Zerberos?
- Expertise: Our security experts have many years of experience and are always up to date with the latest technology.
- Customized Solutions: We adapt our penetration tests to the specific requirements and risks of your company.
- Confidentiality and Professionalism: Your security and satisfaction are our top priorities. We guarantee the highest discretion and professional handling of all projects.
Take the opportunity to elevate your IT security to the next level and optimally prepare for the upcoming legal requirements. Contact Zerberos today for a non-binding consultation and find out how we can help you make your systems secure and compliant.