12.06.2025 - Small and medium-sized enterprises (SMEs) face the challenge of protecting their IT systems against cyberattacks. Although awareness of cyber risks has increased, implementing protective measures often proves difficult. To support SMEs in taking their first steps towards cybersecurity, the National Cyber Security Centre (NCSC), ITSec4KMU and the Swiss Insurance Association (SIA) recently organised an information event where experts provided SMEs with a simple introduction to this important topic.
For many SMEs, cyberattacks remain an abstract and intangible threat. Many companies are inadequately protected against them. Yet even simple measures can provide effective basic protection. Manuel Suter, Deputy Director of the NCSC, and René Hüsler, a founding member of ITSec4KMU, welcomed over 150 SME representatives with precisely this message. Both emphasised the importance of SMEs addressing the issue of cybersecurity and explained that basic protection against cyberattacks can be achieved with simple, easy-to-implement measures.
Cybersecurity in SMEs: Threats, actors and trends
In his presentation, Simon Seebeck from the SIA highlighted the biggest current cybersecurity threats to SMEs. He also explained the role of insurers in cybersecurity and which risks can be insured. Oliver Schmid, Chief Information Security Officer (CISO) at the University of Zurich, addressed the topic of phishing in his presentation, focusing on the technical aspects and psychological mechanisms exploited by attackers in targeted attacks.
When phishing is followed by a ransomware attack
To raise awareness among SMEs of the methods used by attackers, Nicolas Germiquet from ITSec4KMU and Alain Haldi from BDO AG conducted a live hacking session, using a practical example to demonstrate specific attack methods. Monica Ratte, Vice Director of the NCSC and co-lead GovCERT, then explained how a phishing email can result in a ransomware attack and the potential consequences for affected companies. She also outlined some effective protective measures.
Preparing for cyber incidents
Nicolas Germiquet concluded the event with a presentation on the importance of business continuity management and contingency planning for cyberattacks. Such tools help to minimise any interruption to business and enable a quick response to IT security incidents. This maintains continuity of operations and reduces financial losses and the loss of customer trust. SMEs, which often have fewer IT security resources, benefit particularly from good crisis preparation.
The fully booked event in Bern demonstrated the high level of interest in cybersecurity among SMEs. The numerous ideas from the presentations and the subsequent discussions with the experts and other participants provided the SMEs with valuable input on how to implement specific measures to improve basic cybersecurity.
About ITSec4KMU
ITSec4KMU is an association that helps Swiss SMEs to better protect themselves against cybercrime. It provides helpful information on its website on all aspects of cybersecurity and is committed to strengthening SMEs by means of other activities. The Canton of Zug supports ITSec4KMU with start-up funding.
Last modification 12.06.2025
