Dossier on cyber risks

Cyber risks are one of the most significant operational risks facing financial institutions. FINMA is therefore looking closely at the issue and has increased the intensity of its supervision. This page provides key information on this topic.
From the Annual Report 2022

Increase in cyber attacks: implementation of on-site supervisory reviews and scenario analyses

JB22

In 2022, successful cyber attacks on companies across all sectors hit the headlines once again, both in Switzerland and worldwide. FINMA also identified an increasing number of reported cyber attacks on supervised institutions.

To the content
From the Risk monitor 2022

Cyber risks 2022

Cyberrisiken

Increasing professionalisation of criminals and ever shorter times between the announcement and exploitation of critical security vulnerabilities are keeping the financial industry on its toes.

To the content
From the Annual Report 2021

Findings from cyber supervision 2021

During the year under review, successful cyber attacks on established companies from all industry sectors, both in Switzerland and the rest of the world, were reported in the headline news. FINMA has also observed an increasing number of reported cyber attacks. Since the entry into force, in September 2020, of the clarifications on the duty to report cyber attacks, as published in FINMA Guidance 05/2020, a total of 95 cyber attacks of substantial importance for the affected institutions have been reported. The worst-affected institutions were banks, followed by asset managers and insurance companies.

To the content
From the Risk monitor 2021

Cyber risks 2021

The coronavirus pandemic has given an extra boost to digitalisation. However, greater digitalisation also increases the dependency on information communication technologies, which can give rise to significant vulnerabilities at Swiss financial institutions. For example, IT system outages and disruptions, particularly those resulting from cyberattacks, can jeopardise the availability, confidentiality and integrity of critical services and functions. 

To the content
From the Annual Report 2020

New cyber supervisory approach and guidance

Dependency on information and communications technologies continued to rise in 2020. This was driven by the digitalisation strategies pursued by the supervised institutions and was intensified even further by the pandemic-driven extensive shifts towards home-office working. This dependency has rendered financial institutions increasingly vulnerable to cyber attacks. FINMA therefore assessed this risk to be even higher than in the previous year. It considers it to be one of the seven top risks faced by the Swiss financial centre.

To the content
From the Risk monitor 2020

Cyber risks 2020

The high and ever-growing dependency on and interconnectivity of information and communication technologies gives rise to pronounced vulnerabilities among Swiss financial institutions. For example, outages of and disruptions to IT systems, particularly those resulting from cyberattacks, can jeopardise the availability, confidentiality and integrity of critical services and functions. Depending on the nature of the cyberattack in question, this can have repercussions not only for individual financial institutions but on the functioning of the Swiss financial centre as a whole.

To the content
From the Annual Report 2019

Cyber risks in supervision 2019

Technological progress and the latest trends have led to FINMA stepping up its supervision of cyber risks. These risks are monitored directly, for example through focused on-site audits by FINMA, and monitored by audit firms as part of the regulatory audit process.

To the content
From the Risk monitor 2019

Cyber risks

The high and ever-growing dependency on and interconnectivity of information and communication technologies give rise to pronounced vulnerabilities among Swiss financial institutions. For example, outages of and disruptions to IT systems, particularly those resulting from cyberattacks, can jeopardise the availability of critical services and functions.

To the content
From the Annual Report 2018

Cyber risks are a priority for FINMA’s supervisory activities

Cyberrisiken

Supervision is focusing on technology-driven risks such as the threat of cyber attacks and the risks associated with outsourcing.

To the content
From the Annual Report 2016

At a glance: the threat of cyber attacks

Swiss banks must guard their infrastructure against various types of attack. In addition to phishing, malware and disruption to the availability of computers, the debilitating scenarios Swiss financial institutions face are growing ever more sophisticated and complex.

To the content

Backgroundimage