Swiss government introduces ICT minimum standard for protection against cyber risks

Urs Küderli Partner and Leader Cybersecurity and Privacy, PwC Switzerland 27 Aug 2018

The Federal Office for National Economic Supply (FONES) has today published the ICT minimum standard for the protection against cyber risks. This catalogue specifies cybersecurity standards that protect information and communication technology (ICT) systems and data from unintended or unauthorised access, or from damage or destruction. The ICT minimum standard is aimed at operators of critical infrastructure in Switzerland, but it can be used by any given company or organisation. PwC Switzerland has broad experience in assessing cybersecurity risks and can support organisations in implementing the minimum standard and defining the necessary cyber risk protection programmes.

What is it about?

Cybersecurity is a key concern for companies and organisations alike. Data confidentiality, integrity and availability are prerequisites for safe and efficient business, and cybersecurity forms the foundation for long-term business relations.

The national strategy for the protection of Switzerland against cyber risks (NCS) for 2018 to 2022 was adopted by the Federal Council in April 2018. It is under this umbrella that FONES has published the cybersecurity minimum standard. The standard is designed as a baseline security standard for providers and organisations of critical and non-critical infrastructure. It serves as a recommendation and is based on internationally recognised standards to assess their cybersecurity maturity, to provide guidance for their security programmes, and to increase resilience against cybersecurity threats in general.

The ICT minimum standard covers a range of topics such as identification, protection, detection, reaction and recovery, and it provides users with a set of measures for implementation. Based on this standard, individual sectors such as energy, logistics, nutrition, etc. will be able to develop sector-specific extensions and some will make the standard mandatory.

Why PwC Switzerland?

PwC Switzerland is a leader in cybersecurity assessments and in the implementation of cybersecurity measures and programmes. We have authored pioneering papers on cybersecurity and cybersecurity practice and can guide companies through all the steps of developing the strategy and setting up the necessary processes for cyber risk protection.

PwC Switzerland, as an author of the standard, also has unrivalled knowledge of the minimum standard, as the new guidelines are based on the international NIST Cybersecurity Framework Standard, a core component of PwC’s own cybersecurity strategy and programme. We use the same methodology to assess our client’s cybersecurity risk maturity and can guarantee consistent guidance according to the government standard on how to understand, assess and improve maturity and therefore resilience of an organisation.

Learn more about how PwC Switzerland can help you to implement the minimum standard here.


Here you can find further information and files of the The Federal Office for National Economic Supply (FONES). 



Urs Küderli

Partner and Leader Cybersecurity and Privacy, PwC Switzerland

+41 58 792 42 21


Contact us

Prafull Sharma

Prafull Sharma

Partner, Cloud & Digital Leader, PwC Switzerland

Tel: +41 58 792 18 72