Switzerland Strengthens Cybersecurity: Implementation Report on National Cyberstrategy 2025

Executive Summary

On 20 May 2026, the Swiss Federal Council took note of an implementation report on the National Cyberstrategy (NCS) documenting progress in 2025. The portfolio comprised over 90 initiatives, carried out by more than 70 implementation partners across five strategic objective areas. Since the introduction of mandatory reporting for cyberattacks on critical infrastructure (1 April 2025), 222 reports have been received by the Federal Office of Cybersecurity (BACS). The report places particular emphasis on artificial intelligence (AI) as a factor influencing threat scenarios and defence capabilities.

Persons

• Federal Council (collective institution)

Topics

• Cybersecurity
• National Cyberstrategy (NCS)
• Artificial Intelligence
• Critical Infrastructure
• International Cooperation

Clarus Lead

Switzerland is responding to a geopolitically challenging environment through systematic implementation of its cyberstrategy. The central challenge lies in the dual AI dynamic: AI exacerbates threats through automated attacks, but simultaneously opens new defence possibilities. With the ratification of the Council of Europe AI Convention, Switzerland has set regulatory standards, while operational measures such as the Cyber Security Hub with over 1,600 networked organisations enhance national response capability.

Detailed Summary

The report documents progress in five strategic objectives: empowering the population, securing digital services and critical infrastructure, defending against cyberattacks, combating cybercrime and international cooperation. The emphasis on artificial intelligence demonstrates that Switzerland recognises the transformative impact of AI on both sides of the cyber conflict: attackers use AI-driven methods, while defence forces employ AI for detection and response. In 2025, targeted AI research and development projects were launched and awareness-raising measures against AI misuse were intensified.

Operational infrastructure has been expanded: The Cyber Security Hub now networks 6,000 users across over 1,600 organisations. Specialised Cyber Security Centres have been established in healthcare, the financial sector and rail transport. Capacity building occurs through programmes such as the Cyber-Defence Campus Fellowship, the "Cyber Startup Challenge" and the national S-U-P-E-R.ch campaign. In law enforcement, bodies such as Cyber-CASE, Cyber-STRAT and NEDIK improve coordination in digital crime cases.

Internationally, Switzerland positions itself as a cyber hub: The "Geneva Cyber Week" and the "Global Conference on Cyber Capacity Building" strengthen Geneva as a location. Switzerland actively engages in UN and OSCE processes on norm-setting in cyberspace. The bug bounty programme and vulnerability management initiatives institutionalise cooperation with the IT security community.

Key Messages

• Switzerland is implementing a comprehensive, five-pillar cyberstrategy with over 90 initiatives and 70+ partners
• Artificial intelligence is recognised as a strategic dual effect: intensifies threats but also opens new defence possibilities
• Mandatory reporting for cyberattacks on critical infrastructure shows initial operational impact (222 reports in 6 weeks)
• Cyber Security Hub and specialised centres form the operational backbone for coordinated national response
• Switzerland positions itself internationally as a norm-setter and cyber location (Geneva)

Critical Questions

1. Evidence: What metrics demonstrate that the 222 reported cyberattacks on critical infrastructure actually reflect the overall threat landscape, or is there a reporting deficit in certain sectors?

2. Conflicts of Interest: To what extent do commercial interests of the 70+ implementation partners influence the prioritisation of measures within the NCS?

3. Causality: Can the report demonstrate which of the 90 initiatives have measurably led to a reduction in cyberattacks, or are these activity measurements without evidence of impact?

4. Feasibility: How are the 6,000+ users of the Cyber Security Hub actually activated and coordinated, and what is the rate of active participation in information exchange?

5. AI Regulation: What specific technical standards are to be translated from the ratified Council of Europe AI Convention into Swiss cybersecurity policy?

6. Resources: What budget funds were allocated in 2025 for NCS implementation, and how are these distributed across the five strategic objectives?

Bibliography

Primary Source: Implementation Report on the National Cyberstrategy 2025 – https://www.news.admin.ch/de/newnsb/NpjoeGQGVrnvbq6nD4L-D

Verification Status: ✓ 20.05.2026

This text was created with the support of an AI model. Editorial responsibility: clarus.news | Fact-checking: 20.05.2026