Ethical Hacking News
Switzerland has introduced a new 24-hour reporting rule for critical infrastructure organizations, requiring them to report cyberattacks to the National Cybersecurity Centre within 24 hours of discovery. This move is part of Switzerland's commitment to enhancing its cybersecurity posture and better protecting its critical infrastructure from emerging threats.
Switzerland has introduced a new reporting obligation for critical infrastructure organizations regarding cyberattacks. The requirement, set to start on April 1, 2025, requires these organizations to report cyberattacks to the National Cybersecurity Centre (NCSC) within 24 hours of discovery. Organizations impacted by a cybersecurity incident must report via an online form or email with no registration required. Failure to comply may result in fines of up to CHF 100,000 ($114,000).
Switzerland, a country known for its high standard of living and strong economy, has taken significant steps to enhance its cybersecurity posture by introducing a new reporting obligation for critical infrastructure organizations. The National Cybersecurity Centre (NCSC) has announced that as of April 1, 2025, these organizations will be required to report cyberattacks to the agency within 24 hours of their discovery.
This new requirement is in line with Switzerland's commitment to maintaining a strong cybersecurity framework, which aligns with EU-wide cybersecurity legislation. The NCSC believes that this move will help to improve the country's overall cybersecurity resilience and better protect its critical infrastructure from cyber threats.
According to the NCSC announcement, the types of cyberattacks that will be subject to this new reporting requirement include those that jeopardize the operation of critical infrastructure, manipulation, encryption, or exfiltration of data, extortion, threats, and coercion, malware installed on systems, unauthorized access to systems, and other malicious activities.
Organizations impacted by a cybersecurity incident will have to report it via an online form on the NCSC site or via email, with no registration required. The first report must be submitted within 24 hours of the incident's discovery, and a follow-up report with additional details will be expected in the next 14 days.
The Swiss government has emphasized that this new requirement is a milestone for cybersecurity in the country, highlighting its commitment to staying ahead of emerging threats. Failure to comply with this new rule after October 1, 2025, may result in fines of up to CHF 100,000 ($114,000).
This development comes as Switzerland continues to experience an increasing number of cybersecurity incidents and their impact on the country's critical infrastructure. By introducing this new reporting requirement, the Swiss government aims to enhance its ability to respond to these threats and improve its overall cybersecurity posture.
Experts believe that this move will also serve as a model for other countries to follow, demonstrating Switzerland's commitment to maintaining a strong cybersecurity framework. The NCSC's decision to introduce this new requirement is seen as a proactive step in enhancing the country's cybersecurity resilience and protecting its critical infrastructure from cyber threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Switzerland-Cracks-Down-on-Cybersecurity-New-24-Hour-Reporting-Rule-For-Critical-Infrastructure-Organizations-ehn.shtml
https://www.bleepingcomputer.com/news/security/swiss-critical-sector-faces-new-24-hour-cyberattack-reporting-rule/
https://cybernews.com/security/switzerland-mandatory-cyberattack-reporting/
Published: Mon Mar 10 13:31:26 2025 by llama3.2 3B Q4_K_M
