03.06.2026 - Cyber attacks are no longer limited to large corporations. Small and medium-sized enterprises (SMEs) are increasingly becoming the target of phishing, ransomware and social engineering. At the same time, they often lack the time, resources or guidance needed to tackle IT security in a structured manner. To help SMEs get started with cyber security, the NCSC, ITSec4KMU and the SIA organised an awareness-raising event on 2 june 2026. The NCSC will also be hosting two online brown-bag lunches for Swiss SMEs on 2 and 9 September 2026 to present the emergency response model and the associated tools.
For many SMEs, cyber attacks are still an abstract and elusive threat. Many companies are inadequately protected. Yet effective basic protection can be established with simple measures alone. Manuel Suter, Deputy Director of the NCSC, and René Hüsler, founding member of ITSec4KMU, welcomed the nearly 100 SME representatives in attendance with precisely this message. Both emphasised how important it is for SMEs to engage with the topic of cyber security and that they can already achieve basic protection against cyber attacks through simple and quickly implementable measures.
Cyber resilience as a target function for cyber security
Andreas Günert, Head of Technologies/Sec Engineering at the NCSC, outlined in his presentation the various types of threats facing SMEs and how these are exacerbated by interconnectivity, for example within the supply chain. Trust is a vital foundation that is strengthened by transparency. He presented two recommendations – ‘Implementation of a security and resilience procedure’ and ‘Implementing basic protection’ – and shared insights from a pilot project carried out in the canton of Aargau.
Case study from a real-life cyber incident
Philipp Bosshard, Managing Director of Bosshard Farben, provided a fascinating insight into the cyber incident at his company. The Cloak ransomware group had succeeded in encrypting access to the servers and data. Together with the IT specialists, they immediately took action, enabling operations to resume after just a few days on a newly set-up platform. Philipp Bosshard described the individual steps and the mood within the company and among partners in a very vivid and engaging manner.
Security Awareness in Practice and Quick Wins
Sarah Mühlemann, InfoGuard AG, focused her presentation on practical quick wins for SMEs, ensuring that the topic of security is addressed by employees in a light-hearted manner. She emphasised the importance of regular awareness training. Attacks are becoming increasingly sophisticated, which is why it is important that employees are regularly made aware of this fact and that relevant scenarios are practised.
Cyber Emergency Management and Emergency Plan
Kilian Cuche, NCSC Awareness Expert, presented the NCSC emergency plan and the associated tools. He provided a fascinating insight into the correct procedure and how one should ideally respond. The question is not whether an SME will be affected by a cyber incident, but simply when. Kilian Cuche emphasised that one must be prepared and that an emergency plan is the key to cyber resilience.
Panel discussion
During the panel discussion, Philipp Bosshard, Manuela Haugwitz (Business Development Manager at ITIVITY AG), Heinz Tännler and Thomas Schnitzer (Swiss Insurance Association) answered questions from moderator Nicole Frank. They addressed a range of very practical questions, covering the entire spectrum from “How could I have reduced the damage from today’s perspective?” to “As an SME, can I even protect or insure myself at a reasonable cost?”. The panellists answered the questions very openly and, here and there, not without a touch of humour.
Zug Cybersecurity Initiative
Finally, Zug Cantonal Councillors Laura Dittli and Heinz Tännler presented the Zug Cybersecurity Initiative (CSI), which will be discussed in the Cantonal Council in July. Heinz Tännler provided an in-depth insight into how the resources of the National Test Institute for Cybersecurity (NTC) are being pooled with those of ETH Zurich to tackle the challenges of the connected world through research. Laura Dittli presented the Cantonal Cyber Competence Centre (KKC), which focuses, among other things, on particularly vulnerable groups within the population and SMEs, and provides targeted support for start-ups and spin-offs in the context of cyber security.
Online brownbag lunch: Emergency Planning for SMEs (September 2026)
The NCSC will host two online brownbag lunch sessions for Swiss SMEs on 2 and 9 September, each from 12–1pm, to present the contents of the emergency planning model and the associated resources. The sessions will be held in German and French and will be published on the NCSC's YouTube channel.
To register for the event, visit:
MS Teams: Online brownbag lunch in French on 2 September, 12–1pm
MS Teams: Online brownbag lunch in German on 9 September, 12–1pm
Last modification 03.06.2026
