Cyberattacks are on the rise and financial services providers worldwide are being targeted by malicious actors. While digitalization of financial services is a long-standing trend, it has been accelerated by the COVID-19 pandemic. Although this has brought many advantages, it has also increased the risk that cyberattacks severely disrupt the functioning of financial services and ultimately threaten financial stability.
It therefore comes as no surprise that legislators and regulators in Switzerland and around the world are stepping up their response. In the European Union the Network and Information Systems (“NIS“) 2 Directive is due to repeal the existing NIS Directive by October 2024, while the new Digital Operational Resilience Act (DORA), which contains an ICT risk management framework specifically for financial entities, will apply from January 2025.
Although Switzerland is lacking comprehensive cyber security legislation, there are a number of statutes, regulations and guidance, along with new draft legislation, that apply to the financial services industry. The most important of these are outlined in this blogpost.
National Cyber Security Centre and National Strategy…
