No Match Found
The website is unavailable. Access to the system is blocked and sales can no longer be processed. Unknown persons demand that the company pay a ransom to prevent the publication of the stolen manufacturing plans and customer master data.
Unfortunately, such terrifying scenario has recently become reality for many companies. All companies in all industries are fundamentally susceptible to ICT-related incidents. Such incidents can occur within the company itself (e.g., due to technical inadequacies or negligence) or due to external causes (e.g., hackers, organized crime).
The good news: ICT incidents can be prevented, if not completely, then at least to a large extent through appropriate preventive measures. In addition, a well-prepared company is significantly less affected by the consequences in the event of an emergency.
In addition to appropriate technical measures (suitable hardware and software, backup, network monitoring, etc.), the regulatory and legal handling of ICT risks (Cyberlaw) is of great importance both before and after an incident.
Cyberlaw can be used pragmatically and efficiently, providing a 360° protection framework for the company before, during and after an ICT incident:
In addition, the reporting obligations to authorities and affected parties will gain in importance in the future. Already today, certain regulated or listed companies are subject to a regulatory reporting obligation. In the future, all Swiss companies will be subject to a reporting obligation in certain cases. For example, with the imminent entry into force of the revised Data Protection Act, data security breaches are expected to be reported to the Federal Data Protection and Information Commissioner (FDPIC) from the middle/end of this year if certain requirements are met.
In addition, the Federal Council recently opened the consultation process on the introduction of a reporting obligation in the event of attacks on ICT systems for operators of critical infrastructures to the National Cyber Security Center (NCSC). Operators of critical infrastructure include banks, insurance companies and other financial intermediaries, certain providers of cloud computing, online marketplaces and other digital services, manufacturers of pharmaceuticals and medical devices, public transport companies and others.
Thanks to the correct regulatory and legal handling of the risks associated with the use of ICT systems (Cyberlaw), a company can significantly increase security and minimize vulnerability.
PwC supports companies in all industries regarding regulatory and legal aspects of ICT risks and the effective and pragmatic implementation of a protection concept.
Partner Legal, PwC Switzerland
Tel: +41 58 792 18 56
Director | Head of FinTech, Blockchain and Digital Assets, PwC Switzerland
Tel: +41 58 792 92 24
Senior Manager, FS Regulations, PwC Switzerland
Tel: +41 58 792 29 93
Manager | Data Privacy | ICT | Implementationᐩ, PwC Switzerland
Tel: +41 58 792 44 00
Associate | Data Privacy | ICT | Implementationᐩ , PwC Switzerland
Tel: +41 58 792 44 00
Associate | Data Privacy | ICT | Implementationᐩ, PwC Switzerland
Tel: +41 58 792 49 64