2025 National Cybersecurity Conference: “Cyber resilience: Regulation or personal responsibility?”

25.09.2025 - Current debate in the field of cybersecurity focuses on the optimal interplay between state regulation and individual responsibility. The theme of the National Cybersecurity Conference held today in Bern was “Cyber resilience: Regulation or personal responsibility?” Around 250 representatives from the fields of politics, public administration, business and academia discussed the key challenges in ensuring digital security in Switzerland. Federal Councillor Martin Pfister opened the event and argued that personal responsibility and regulation should go hand in hand.

The spread of digitalisation is leading to a complex network of dependencies between a wide variety of systems. This is making companies and authorities increasingly vulnerable and cyberattacks in supply chains are occuring with ever greater frequency. The threats create new challenges and make the need to strengthen cyber resilience all the greater. The 2025 National Cybersecurity Conference therefore focused on the issue of whether clear legal requirements should be put in place to strengthen cyber resilience, or whether companies, public authorities and private individuals should be responsible for taking their own measures.

In his opening speech, Federal Councillor Martin Pfister, Head of the Federal Department of Defence, Civil Protection and Sport (DDPS), emphasised that personal responsibility and regulation should go hand in hand. A successful example of this approach is the reporting obligation for cyberattacks on critical infrastructures introduced last April. By mid-September, the National Cyber Security Centre (NCSC) had already received over 150 reports.

At the conference, high-ranking experts presented different aspects of the current challenges of cybersecurity. National Council member Gerhard Andrey provided insights into the political discussion in Parliament, while Laura Dittli, member of the Zug Cantonal Council, showed how regional approaches can contribute to the National Cyberstrategy (NCS) and presented the Canton of Zug's cybersecurity initiative. Prof. Dennis-Kenji Kipker, research director at the Cyberintelligence Institute, spoke on the international dimension of cybersecurity, explaining current moves towards international harmonisation in the form of the EU Cyber Resilience Act and the NIS2 Directive.

The conference is an important platform for jointly finding the optimal mix of regulation and personal responsibility and further advancing the National Cyberstrategy. The NCSC and the NCS steering committee explained the current state of implementation of the NCS, ensuring that all those present were equally well informed. In the various breakout sessions, participants were given the opportunity to discuss in more depth the key areas of best practices, greater involvement of stakeholders in the cyberstrategy debate, and national and international attempts to regulate the field.

The event concluded with a comprehensive look at the reporting obligation for cyberattacks on critical infrastructures, which has been in force since 1 April 2025. Florian Schütz, Director of the NCSC, presented initial findings and observations since reporting became mandatory. In the follow-up panel discussion, Eva Kocher from the Swiss Financial Market Supervisory Authority (Finma), Erik Dinkel, CISO of the University Hospital Zurich and president of the very recently founded association H-CSC, Angela Anthamatten from economiesuisse and Marc Barbezat, CISO of the Canton of Vaud, discussed their experiences with the new regulation to date, and how it affects day-to-day operations.

The 2025 National Cybersecurity Conference provided a valuable platform for constructive dialogue and thus made an important contribution to strengthening Switzerland's digital resilience in the long term. The conference findings and discussions will help in the search for balance between regulatory requirements and individual responsibility, and in the implemention of projects on this issue.