Cybersecurity & Strategic Defense Measures in Swiss Companies
Thank you for your interest in my master thesis. The questionnaire (discussed below) is available at www.cybersecurity-survey.ch.
Background Information and Main Questions
Cybersecurity is a pressing topic – in Switzerland as well as worldwide. US-President Barack Obama highlighted it in this year’s State of the Union Address. The current semiannual report of MELANI and the 2013 annual report of CYCO show that cybercrime is of increasing concern also in Switzerland. PwC’s Global Economic Crime Survey reported that 26% of Swiss companies having experienced economic crime in 2014 were affected by cybercrime (compared to 20% in the previous study from 2011). In recent years, several high-profile cyber-attacks have received substantial attention in media, such as those on Sony Pictures Entertainment (allegedly 100 terabytes of stolen data; November 2014), Target (40 million credit and debit card numbers stolen; December 2013, JPMorgan Chase (contact information for 76 million households and 7 million small businesses stolen; August 2014). In Switzerland, the recent data breach at Banque Cantonale de Genève resulted in 30’000 stolen emails. As the attitude in Switzerland towards cybercrime is still largely unexplored, the following questions arise: How is the current cybercrime threat perceived by Swiss companies? What is the awareness and readiness of Swiss companies to face it? What can, and what are Swiss companies doing to mitigate the threat and minimize the impact of cybercrime on their business? How closely do Swiss companies follow the evolution of cybercrime and how do they stay up to date?
This thesis will be conducted for the Department of Banking and Finance of the University of Zurich, and the work will be concentrated on firms in the financial services sector. The research will focus on the following aspects of cybersecurity in Switzerland:
- Aim to answer questions regarding the cybersecurity-awareness of Swiss firms;
- Intend to assess how Swiss companies handle the threats posed by cybercriminals and bring insight into possible variations between the companies in relation to their category (size, sector, private/public, etc.)¹;
- It should, based on existing reports and by seeking complementary information on strategic cybercrime consulting, outline an anti-cybercrime best practice framework for Swiss companies;
- Analyze the collected information with respect to the outlined best practice recommendations: Where are Swiss companies positioned? Which gaps can be identified?; and
- Finally, look at the results of the analysis and best practice recommendations from the perspective of current cybercrime insurance coverage and propose key measures.