Nearly half of large companies in Switzerland have already fallen victim to cyberattacks, often with dire consequences, according to a study published Monday.
A full 45 percent of companies in Switzerland counting 250 employees or more have already been hit by at least one cyberattack, according to the latest SwissVR Monitor report.
The study, carried out by consultancy Deloitte and the Lucerne University of Applied Sciences and Arts between mid-May and early July, showed a correlation between the size of a company and the risk of cyberattacks.
Based on a survey of 400 board members from both larger, listed companies and small and medium enterprises (SMEs), the study found that only 18 percent of firms with under 50 employees had faced a serious attack.
“The connection between company size and the frequency of attacks is obvious –- large companies have greater global exposure and a larger potential target area for cyber criminals to attack,” the report authors said.
In addition, they suggested that smaller companies may be less stringent about reporting all incidents to their boards.
Florian Schutz, who is in charge of implementing Switzerland‘s national cyber protection strategy, said that “all companies are at risk, regardless of size and sector”.
Quoted in Monday’s report, he pointed out that “many SMEs lack the financial and human resources to take effective cybersecurity measures, so their expertise and infrastructure is limited or even non-existent”.
Overall, the survey showed that companies are not well enough prepared to face cyber threats.
Only 57 percent of the board members questioned said their boards had formulated a clear cyber strategy, and only about a third received regular reports from management on the top cyber risks.
That is worrying, since cyberattacks can have serious consequences for a company’s operations, with a full 42 percent of the companies in question having suffered interruption of business, the study showed.
Data leaks and product or service malfunctions are also common, sometimes with consequences beyond the company itself.
Eleven percent of respondents said customers had been targeted by follow-up attacks.
And while financial losses occur only rarely, the report authors warned that “financial consequences should not be underestimated.”.
“In addition to loss of revenue due to business interruptions, high knock-on costs –- for restoring data, for example -– can also be incurred,” they pointed out.