Cyber risks 2022

Increasing professionalisation of criminals and ever shorter times between the announcement and exploitation of critical security vulnerabilities are keeping the financial industry on its toes. A successful attack can lead to outages and interruptions of information and communication technology systems and jeopardise the protective goals of availability, confidentiality and integrity. Specific risk drivers include a lack of awareness of how to deal with cyber risks – be it among employees or due to inadequate governance. In addition, the cyber processes at many institutions are too fragmented to allow them to make a comprehensive assessment of their own cyber risk situation. Risk therefore remains high in this area.

Successful cyberattacks on established companies in Switzerland and elsewhere regularly make the headlines. Cyberattacks are becoming increasingly sophisticated, and attackers are constantly developing new methods. In addition, security gaps are constantly emerging, which companies have to close or mitigate very quickly. A recent example is the “Log4j” vulnerability, a gap in a widely used logging tool for Java applications, which was discovered at the end of 2021 and could be exploited very easily over the internet. Many of the supervised institutions reacted quickly in order to close the gap promptly. In particular, companies that had prepared instructions and procedures for such scenarios and had tested these during regular business operations were able to deal with the incident effectively and promptly.


Supervised institutions reported a total of 145 cyberattacks to FINMA between September 2020 and September 2022. Since the publication of the last Risk Monitor, 65 attacks have been added. An evaluation of the attacks reported in the last twelve months shows that the focus of attacks has shifted from the “distributed denial of service” (DDoS) type to malware (particularly via external service providers). The most frequent method of attack was via an external service provider in the course of an outsourcing arrangement.

FINMA currently identifies the following main risk drivers in its supervisory work:

  • Some of the supervised institutions have no, or only incomplete, response plans for cyber incidents in place or do not review the effectiveness of these plans.
  • Supervised institutions do not explicitly integrate cyber risks into their qualitative management of operational risks. This means that systematic and comprehensive risk management of cyber risks cannot be guaranteed.
  • Supervised institutions do not adequately define their cyber risks and their associated risk tolerance, or no cyber protection concept exists.
  • In some cases, supervised institutions do not set out clear cyber security requirements to service providers or do not regularly review whether these are being met.

(From the Risk monitor 2022)

FINMA Risk Monitor 2022

Updated: 10.11.2022