FAQ : Issues
Are Swiss SMEs more exposed than large companies?
Yes. SMEs are prime targets precisely because they have fewer security resources than large organisations, while still handling sensitive data. In Switzerland, 40% of cyberattacks directly target SMEs (NCSC). Unlike large companies, they often have neither a dedicated IT team, nor a tested continuity plan, nor a sufficient remediation budget — which explains why 60% of them cease operations within 6 months of a serious incident.
How can I protect my business from ransomware?
Three essential measures: regularly tested offline backups, multi-factor authentication (MFA) on all critical access points, and anti-phishing training for your employees. Bexxo offers all three services in its audit packages.
How long does a cybersecurity audit take?
A Bexxo audit takes between 3 and 10 business days depending on the package chosen (Essentiel, Standard or Premium) and the size of your infrastructure. You receive a detailed report with a prioritised action plan.
How much does a cyberattack cost a Swiss SME?
On average CHF 100,000 per incident for a Swiss SME, including business interruption, technical remediation and reputational damage. Ransomware cases can exceed CHF 500,000 if backups are compromised.
What are the lasting consequences of a cyberattack for a business?
Beyond the immediate cost (an average of CHF 100,000 for a Swiss SME), a cyberattack leads to four lasting consequences: (1) loss of customer trust — 87% refuse to work with a compromised company (McKinsey); (2) reputational damage that is difficult to reverse; (3) legal risks under the nFADP (fines up to CHF 250,000); (4) loss of competitive advantage if strategic data has been exfiltrated.
What are the major cybersecurity challenges for businesses?
The main challenges include the protection of sensitive data, regulatory compliance (GDPR, ISO 27001, etc.), attack prevention, and crisis management. Bexxo helps you prioritize these issues and address them effectively.
What are the obligations of the nFADP for Swiss SMEs?
The nFADP requires maintaining a record of processing activities, reporting breaches within 72 hours, conducting impact analyses and implementing appropriate technical measures. Fines can reach CHF 250,000.
What are the obligations under the nFADP in the event of a data breach?
The nFADP requires notification to the FDPIC within 72 hours, informing affected individuals if the risk is high, and documenting the incident. Fines can reach CHF 250,000 for the responsible persons.
What is the first thing to do in the event of a cyberattack?
Immediately isolate the compromised systems from the network, do not pay a ransom, document the incident and contact a cybersecurity specialist. Bexxo offers an incident response service for Swiss businesses.
Why define clear cybersecurity objectives?
Precise and measurable objectives help structure available resources, anticipate threats, and implement targeted action plans to strengthen the overall resilience of your infrastructure.
Why should I strengthen my company's network infrastructure?
A robust and well-configured network prevents most attacks and ensures the continuity of your operations, even during periods of high demand or elevated cyber threats.