Cyber risks remain one of the biggest threats to Swiss financial institutions, according to the latest 2024 risk monitoring report by FINMA. Despite ongoing efforts to strengthen cybersecurity, the number of successful cyberattacks has continued to rise since FINMA began systematically tracking cyber incidents in 2020.
FINMA has observed an increase in cyber incidents where attackers successfully breached financial institutions. Many of these incidents involved email-based attacks such as business email compromise (BEC) scams and CEO fraud. FINMA also found that smaller institutions were particularly vulnerable, often lacking advanced cybersecurity measures and staff awareness.
Other weaknesses included poorly managed software updates and configuration errors that allowed hackers to bypass security measures like multi-factor authentication. Some institutions had not even fully implemented such security protocols, exposing themselves to cyber threats.
Whilst FINMA found there has been some progress in strengthening security measures, gaps still exist, particularly in preventing data loss. Many financial institutions have safeguards to protect customer identifiers and credit card details, but other sensitive personal data such as trade secrets and intellectual property remain at risk.
One major issue highlighted in the report is the delayed detection of cyberattacks. Many financial institutions fail to identify security breaches in real time, allowing hackers to operate undetected for extended periods. Some institutions also lacked comprehensive response plans or failed to test their cybersecurity strategies regularly.
Although most banks and financial firms have taken steps to recover quickly from cyber incidents, FINMA noted that many still do not conduct scenario-based cyber exercises or have clear communication strategies for handling breaches.
Cyberattacks on supply chains, including outsourced services, are also on the rise. These types of attacks now account for about a third of all reported cyber incidents, with FINMA warning that these threats will likely continue to grow, particularly in the ICT sector. Financial institutions are urged to strengthen their cybersecurity agreements with service providers and conduct regular cyber risk assessments in order to prevent serious incidents.
To improve cyber resilience, FINMA requires financial institutions to conduct regular vulnerability assessments and penetration tests. These tests must include all critical ICT components of an organisation, even those not directly connected to the internet. By simulating real-world cyber threats and working through institution-specific scenarios, organisations can identify weaknesses and refine their response strategies.