Cyber security in Switzerland is no longer defined by sheer volume of attacks, but by their increasing precision, complexity, and impact. According to the National Cyber Security Centre’s final review of 2025, almost 65,000 cyber incidents were reported over the year. While the overall increase compared to previous years was moderate, the nature of cybercrime has changed significantly.

Attackers are becoming more focused, more targeted, and more sophisticated. This shift has important implications for individuals, businesses, and institutions alike.

Fewer Reports, Greater Impact

At first glance, the numbers may appear reassuring. Fraud-related reports declined by around 5,500 cases in 2025, largely due to a decrease in scams involving calls supposedly from authorities. However, this decline was offset by a sharp increase in spam and online investment fraud.

Phishing remained one of the most frequently reported threats, accounting for 19 percent of all reports. What has changed is how phishing attacks are carried out. Rather than mass campaigns, attackers are investing time in individually tailored attacks. These highly targeted scams are more convincing and more effective, increasing the likelihood of financial loss and identity theft.

Online Fraud Is Becoming Highly Personal

One clear example is the rise in fraud linked to classified ad platforms. Victims are tricked into visiting fake payment provider websites during a transaction, often resulting in the compromise of TWINT accounts. Unlike traditional bank transfers, TWINT payments are executed immediately and are limited only by the user’s own settings, making them particularly attractive to criminals.

The misuse of TWINT accounts also highlights a broader trend. Cybercrime increasingly focuses on exploiting trust in familiar platforms, brands, and services rather than relying on technical vulnerabilities alone.

New Techniques, New Risks

In 2025, the NCSC observed a new dimension of phishing attacks using so-called SMS blasters. These devices imitate mobile phone masts, allowing scammers to send messages directly to phones in a specific geographic area without knowing the recipients’ phone numbers. Victims in western Switzerland received fake parking fine messages that led to realistic payment pages designed to capture credit card details.

This method demonstrates how cybercriminals are combining technical innovation with social engineering to increase credibility and success rates.

Data Has Value, Even When It Seems Insignificant

Another concerning trend is the deliberate collection of extensive personal data. Instead of targeting only banking credentials, scammers are building detailed profiles by imitating trusted institutions and requesting large amounts of personal information under the guise of verification or refunds. In some cases, victims were even asked to provide digital signatures.

Such comprehensive data profiles are valuable for identity theft, targeted fraud, and resale on the black market. This underlines why cyber security is not just about protecting accounts, but about protecting identities.

Companies Are Targets Too

Cybercrime does not affect individuals alone. The misuse of legitimate company names has increased, particularly affecting organizations with limited online presence. Criminals exploit public commercial register data to create convincing fake websites and launch scams such as fraudulent job offers, fake online shops, or investment platforms.

At the same time, reports of CEO fraud rose significantly in 2025. While ransomware incidents increased only slightly, the NCSC warns that attackers are focusing on fewer but more lucrative targets. Almost all ransomware attacks now involve data breaches, greatly amplifying the damage caused.

Artificial Intelligence Is Raising the Stakes

Artificial intelligence is beginning to play a visible role in cybercrime, particularly in online investment fraud. Deepfake videos featuring well-known politicians promoting fake investment opportunities are becoming more common. There have also been early cases of blackmail using AI-generated images.

Although AI-driven attacks are not yet dominant, their potential to make scams more realistic and personalized presents a growing challenge for cyber security in the years ahead.

A Shared Responsibility for a Secure Digital Future

The introduction of mandatory reporting for cyberattacks on critical infrastructure in April 2025 has already improved Switzerland’s understanding of the threat landscape. The growing participation of infrastructure operators in information sharing is a positive sign, showing that collaboration strengthens resilience.

Ultimately, cyber security is no longer a concern for specialists alone. It affects trust in digital services, economic stability, and personal safety. As attacks become more sophisticated, awareness, education, and proactive security practices become essential for everyone.

Cyber Security in Switzerland

Cyber security in Switzerland is not just about preventing incidents. It is about protecting people, organizations, and the trust that underpins Switzerland’s digital society.

Join us online on 15 January 2026 for our webinar What it Takes to Succeed in Cyber Security: Learning, Entering, and Thriving in a High-Stakes Field.

And follow the National Cyber Security Centre NCSC on LinkedIn to keep up with cybersecurity issues impacting Switzerland.