Reporting obligation review: NCSC records over 264 mandatory reports since April 2025

The National Cyber Security Centre reviews: over 264 mandatory reports and nearly 65,000 voluntary reports show the extent of the cyber threat in Switzerland.

NCSC reviews the reporting obligation

Since 1 April 2025, reporting cyber attacks on critical infrastructure has been mandatory in Switzerland. Almost a year later, the National Cyber Security Centre (NCSC) draws an initial review.

Key figures

  • 264+ mandatory reports since April 2025
  • 64,733 voluntary reports in 2025
  • Since October 2025: fines up to CHF 100,000 for non-compliance
  • NCSC budget 2026: increased to CHF 26.25 million

Recommendations for businesses

  1. Check whether your business is subject to the reporting obligation
  2. Establish a reporting process that meets the 24-hour deadline
  3. Document cyber incidents comprehensively
  4. Evaluate cyber insurance covering regulatory costs and fines
  5. Train employees to recognise reportable incidents

Have questions about cyber insurance?

Our partners at BTAG are happy to advise you — free and with no obligation.

Learn more Or calculate your costs first

A service of BTAG Versicherungsbroker AG, Bern — independent advice since 1990.

BTAG Versicherungsbroker AG Mitglied SIBA FINMA Register-Nr. 12229
Contact us →