The future of cyber-security in the public sector: Where does Switzerland stand?

Deloitte’s Global Future of Cyber Survey 2023 shows that cyber-security is playing an increasingly important role in the delivery of business outcomes – not just in the private sector but in the public sector too. The quality of these outcomes depends greatly on how well decision-makers understand today’s cyber-security environment and prepare for what is coming.

The following five highlights of the global study illustrate the current situation and the future trends in cyber-security:

Cyber-security is a never-ending journey of digital transformation, and organisations must embed it consistently and across the board in their systems and processes.

When it comes to embedding cyber-security as part of the modernisation process, Swiss authorities have some catching up to do. The vulnerability of their systems was demonstrated by various cyber-attacks in the summer of 2023, when the websites of the federal government and state-owned organisations like Swiss Federal Railways, Swiss Post and the cantonal administrations in Zurich, Basel and Geneva were brought to their knees for hours by DDoS attacks^1. Following a ransomware attack, data was even stolen from the Federal Office of Police (Fedpol) and the Federal Office for Customs and Border Security (FOCBS) and published on the dark web². The modernisation and replacement of old systems must therefore be a constant priority. Cyber-security must not be an afterthought for organisations when deploying new systems and upgrading old ones. Furthermore, the Deloitte Swiss Digital Government Study 2023 showed the need for Swiss authorities to think about appropriate transitional solutions for ensuring the functionality of the most important services in the event of a highly disruptive cyber-attack.

The need to find and nurture cyber-talent is becoming more critical, and ecosystem approaches are more helpful in the long term than short-term outsourcing.

The shortage of cyber-security talent also remains a problem for Swiss authorities. According to an estimate by the global association for certified cyber-security professionals ISC2, there are 4.7 million cyber-security employees in the world, but around 3.4 million more are needed³. The vocational training organisation ICT-Berufsbildung Schweiz estimates that there will be a shortage of almost 40,000 specialists in the ICT sector by 2030⁴. With this in mind, the Swiss Army has launched its own training campaign to identify cyber-security talent at an early stage and nurture it⁵. Authorities, educational institutions and businesses need to work together even more closely to develop programmes for the next generation of cyber-security experts.

Governance remains the top challenge and can be strengthened with more consolidation and centralisation of responsibility.

Funding is the engine that drives cyber-security. A centralised and simplified budgeting process makes it easier to allocate financial resources in a sensible way.

Mission-focused cyber-security is becoming increasingly important and must incorporate command, control and communications and a well-defined leadership structure.

The Swiss authorities have made good progress in the areas of governance, investment and planning in recent years. By setting up the National Cyber Security Centre (NCSC) in 2020, the Swiss government created a central point of contact for authorities, educational institutions, businesses and the general public for cyber-security issues and established a pool of experts to support the departments and administrative bodies with the development and implementation of cyber-security standards. The transformation of the NCSC into a federal office in 2024 will further strengthen cyber-security governance within the authorities⁶.

In addition, the National Strategy for the Protection of Switzerland Against Cyber Risks (NCS) 2018–2022 is currently being revised. The revision focuses not only on protection and defence but also on increasing the discussion around how and where Switzerland will invest in cyber-security in the future⁷.

The cooperation in the field of cyber-security already works quite well at a national level, but Switzerland’s federal system makes it more difficult at a cantonal and municipal level.

The efforts of various cantons (including Zurich⁸ , St. Gallen⁹ and Basel¹⁰ ) to invest more in cyber-security and establish their own cantonal centres for cyber-security are an important step forward.