FINMA Supervisory Communication 03/2024: An In-Depth Look at Cyber Risks
Introduction to FINMA Supervisory Communication 03/2024
The Swiss Financial Market Supervisory Authority (FINMA) published a new supervisory communication in 2024 addressing the growing threat of cyber risks. Communication 03/2024 sets out clear guidelines and expectations for financial institutions to strengthen their resilience against cyberattacks. This announcement comes at a time when cyber threats are rising globally, marking a significant step toward safeguarding the integrity and security of the Swiss financial center. The communication covers several key aspects, including risk identification, the implementation of appropriate security measures, and emergency planning.
Cyber Risks in the Swiss Financial Sector
Cyber risks are a major concern for the Swiss financial sector because they threaten not only the security of data but also the stability of the entire system. The spectrum of threats ranges from simple phishing attempts to sophisticated distributed denial-of-service (DDoS) attacks. FINMA emphasizes that financial institutions must take proactive measures to prevent and manage such risks. This includes conducting regular risk assessments, implementing technical and organizational safeguards, and providing cybersecurity training for staff.
FINMA Requirements for Information Security
In its communication, FINMA sets out specific information security requirements. These include a range of measures that financial institutions must implement to protect critical infrastructures. Key requirements include:
- Effective identity and access management
- Encryption of sensitive data
- Regular security audits
Institutions are also required to have clearly defined emergency plans in place to respond quickly and effectively in the event of a cyberattack. The supervisory authority emphasizes the importance of a holistic security approach that considers both technical and human factors.
Technological Measures to Reduce Risks
To reduce cyber risks, FINMA recommends the use of advanced technologies such as intrusion detection systems (IDS), next-generation firewalls, and comprehensive monitoring solutions. These technologies are designed to help identify suspicious activity early on and trigger appropriate countermeasures. The role of artificial intelligence is also highlighted, especially in the automated detection of threat patterns and anomalies. Additionally, network segmentation is emphasized as an important strategy to limit the impact of a potential security incident.
Organizational Arrangements and Training
In addition to technological solutions, the organizational structure of financial institutions plays a central role in cyber defense. FINMA requires that clear responsibilities for IT security be defined and that employees receive regular training. This training aims to raise awareness of cyber threats and to prepare staff to handle potential security incidents correctly. FINMA also recommends that financial institutions run cyber drills to test and improve the responsiveness of their teams.
Regular Reviews and Audits
Another key element of the FINMA supervisory communication is the conduct of regular reviews and audits of security measures. These audits are designed to ensure that the implemented measures are effective and adapted to constantly evolving threat scenarios. It is recommended that both internal and external audits be conducted to obtain an objective overview of the security situation. Additionally, vulnerability analyses and penetration tests should be performed to identify and address potential gaps in the security system.
Emergency Plans and Response Strategies
In the event of a cyberattack, a rapid and coordinated response is essential. FINMA emphasizes the need for clearly defined emergency plans and response strategies, which should be regularly tested and updated. These plans should address all aspects of crisis management, from technical responses to communication with customers and the media. The goal is to minimize the impact of an attack on the financial institution and to ensure business continuity.
The importance of test runs and simulations is particularly emphasized, so that all teams involved are prepared before an incident occurs.
The Role of Continuous Improvement
An effective cybersecurity strategy requires continuous adjustments and improvements. FINMA urges financial institutions to regularly review their security strategies and adapt them to emerging threats.
Utilizing feedback loops that learn from past security incidents is crucial. Continuous analysis of the threat landscape and investments in research and development of new security solutions are described as essential steps to successfully tackle the dynamic challenges in cybersecurity.