New Cybersecurity Check for SMEs
Cyberattacks remain a real threat to Swiss SMEs — yet many companies perceive cybersecurity as increasingly less urgent. The fully revised Cybersecurity Check for SMEs addresses this gap by providing guidance, clear priorities, and concrete measures that can be implemented with manageable effort.
Practical measures against growing cyber risks
Only 42% of Swiss SMEs feel adequately protected in the event of a cyberattack — a significant drop from 55% the previous year. At the same time, more than one in four SMEs now considers cybersecurity a low priority. This trend stands in stark contrast to the persistently high level of cyber threats.
Against this backdrop, the Cybersecurity Check for SMEs has been completely revised. The practical tool helps companies systematically assess their security posture and improve it in a targeted way — without unnecessary complexity.
The situation is worsening and SMEs are doing too little
The study “SME Cybersecurity 2025” highlights a concerning discrepancy: cybercrime remains a relevant risk, yet many SMEs continue to respond cautiously. Common gaps include:
- unclear organisational responsibilities
- missing emergency and escalation processes
- a lack of regular security reviews
Cybersecurity is not just a technical issue. It is a management and organisational responsibility. “Many SMEs know they need to act, but they lack orientation and clear priorities. The Cybersecurity Check shows where the most important levers are — and how to get started with realistic steps,” says Andreas Kälin, Alliance Digital Security Switzerland (ADSS).
Five focus areas — compact and practical
The Cybersecurity Check focuses on five core areas that are particularly relevant for Swiss SMEs:
- Organisation & processes
- Employees & awareness
- Technical security measures
- Data protection & legal requirements
- External partners & service providers
In addition, a structured self-assessment helps organisations evaluate their current maturity level and define concrete priorities.
“Cyber risks are complex and constantly evolving. Standards provide orientation — and the Cybersecurity Check translates these principles into clear, practical criteria for SMEs,” says Marcel Knecht, Swiss Association for Standardization (SNV).
External IT partners: important — but not risk-free
External IT service providers play a central role for many SMEs. At the same time, the study reveals significant differences in security standards and processes.
Florian Muff, Head of CyberSeal Auditors at ADSS, explains: “CyberSeal provides SMEs with guidance by identifying service providers that demonstrably meet an appropriate level of protection. The Cybersecurity Check also shows how external partners should be integrated in a meaningful and secure way.”
About the Cybersecurity Check
The Cybersecurity Check was first developed in 2020 as part of the National Strategy for the Protection of Switzerland Against Cyber Risks (NCS).
The fully revised 2025 edition was developed in collaboration with: ADSS, BACS, BDO, digitalswitzerland, EXPERTsuisse, GObugfree, ISSS, SATW, SISA, SNV, SQS, Suissedigital, and SVV.
Take action now — with realistic steps
Cybersecurity must be firmly anchored in company leadership. Many effective measures — such as strong passwords, regular updates, clearly defined access rights, or a simple emergency plan — require little effort but have a significant impact on resilience.
The Cybersecurity Check provides a structured and easy-to-understand starting point.