Cyber resilience during major events and international conferences

08.01.2026 - Large-scale events and international conferences are often used as an opportunity to stage a cyberattack. The National Cyber Security Centre (NCSC) therefore expects disruptive maneuvers in cyberspace again in the context of the World Economic Forum (WEF) in January 2026. In order to minimise cyber risks for organisations involved in such events, it is important to have broad-based protective measures in place. The NCSC has published recommendations on such protective measures.

Major events and international conferences, such as the World Economic Forum Annual Meeting (WEF) such as the World Economic Forum (WEF) in January 2026 not only attract public attention, they also change the cyber threat landscape. There is a high probability that cybercriminals, hacktivists and other actors will use such events for cyber attacks or that participants and their organisations will become the target of such attacks. While the motivation and aims of the perpetrators of cyberattacks may differ, the basic protection measures required remain the same. A large number of potential cyber incidents can be prevented when these are in place.

While the motives and objectives of cyberattackers may differ, the core protective measures remain the same as in normal circumstances. Consistently applying these measures can prevent a wide range of cyber incidents. The NCSC recommends following them at all times – regardless of the current threat level – and reporting any suspicious activity using the NCSC online reporting form.

The NCSC is working closely with the organisations involved in staging the WEF. It has raised awareness among them and among operators of critical infrastructure in Switzerland, and has issued recommendations to help minimise risk.

The NCSC anticipates that there will be disruptive cyberoperations during the WEF, particularly distributed denial-of-service (DDoS) attacks targeting Swiss organisations. These attacks aim to flood websites and online services with traffic, rendering them partially or completely inaccessible. No data is lost in a DDoS attack. Such attacks are often linked to politically or ideologically motivated actors (hacktivists) seeking visibility and media attention or aiming to unsettle the public.

The NCSC has drawn up a summary of recommended measures to be applied in the context of particularly exposed events:

The perpetrators of such attacks on the availability of websites and services usually want to generate media attention in order to spread their ideology. The NCSC is asking journalists to bear this in mind when writing their articles, so that the attackers receive as little attention as possible.