In Switzerland, one in three SMEs has already been hit by a cyberattack – and with reports of such attacks up 44% in 2021, the trend is rising. Until recently, there was no obligation for the company to make a cyberattack public: for critical infrastructures, there will soon be a reporting obligation, and the expectation is that this requirement will be expanded in the future.
Beyond public reporting, the effects can be devastating: some small businesses may stop trading from six months to a year after suffering a cyberattack, as it is sometimes very difficult for the company to recover if it was not prepared for this.
For the directors, it is therefore a matter of the company’s survival that they take these issues into account and assess the risks to which the company is exposed in this area.
This section gives an introduction to the roles and responsibilities of board members with regard to cybersecurity and data protection, particularly from a legal perspective.
