Swiss critical sector faces new 24-hour cyberattack reporting rule

Switzerland’s National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery.
According to the NCSC announcement, this new requirement is introduced as a response to the increasing number of cybersecurity incidents and their impact on the country.
Examples of cyberattacks that will have to be reported include:
- Cyberattacks that jeopardize the operation of critical infrastructure
- Manipulation, encryption, or exfiltration of data
- Extortion, threats, and coercion
- Malware installed on systems
- Unauthorized access to systems
The mandate is introduced via an amendment to the Information Security Act (ISA), which will go into effect on April 1, 2025. The law applies to critical service providers such as utilities, local government, and transportation organizations.
“The Federal Council has decided that the amendment to the Information Security Act (ISA) of 29 September 2023 will enter into force on 1 April,” reads the announcement.
“The ISA stipulates that authorities and organisations subject to the reporting obligation, such as energy and drinking water suppliers, transport companies and cantonal and communal administrations, must report cyberattacks to the NCSC within 24 hours of discovery.”
The complete list of all entity types that are impacted by this new requirement is published here.
A leniency period will be given until October 1, 2025, but failure to comply after that date will result in fines of up to CHF 100,000 ($114,000).
Organizations impacted by a cybersecurity incident will have to report it via an online form on the NCSC site or via email, with no registration required.
The first report must be submitted within 24 hours of the incident’s discovery, and a follow-up report with additional details will be expected in the next 14 days.
There are provisions for particular exceptions under Art. 74c of the ISG, with more details available here.
Switzerland calls this new requirement a milestone for cybersecurity in the country, noting that it is in accordance with the NIS Directive, EU-wide cybersecurity legislation that applies to operators of essential services and digital service providers.