Mr. Benz, the National Cyber Security Centre (NCSC) was created as a central competence hub for this area in mid-2020. The Swiss finance sector now also has a competence center of this type, the Swiss Financial Sector Cyber Security Centre (FS-CSC). Is a joint, cross-sector approach the only thing that can help combat the growing and complex risk we face?
Yes, that’s the case. The days when every bank or insurance company looked out for themselves are gone. A shared approach between financial institutions is the only sure path to success, in close coordination with the public authorities. The key word here is public-private partnership.
You’ve described the association’s mission as promoting cooperation between financial institutions and the authorities on strategic and operational matters. So what exactly does this cooperation involve?
There is a division of labor, with the association representing the financial institutions and their organizations and the NCSC representing the federal government. As I mentioned earlier, close cooperation between both sides is needed to strengthen cyber resilience.
How exactly does the cooperation with the FS-CSC work? Which tasks does the FS-CSC take care of, and which the NCSC?
The NCSC, the State Secretariat for International Financial Matters (SIF), and the Swiss Financial Market Supervisory Authority (FINMA) are involved in the governing body – the association’s strategic committee, which is also responsible for its crisis organization. The same applies for the key expert group that advises the governing body. The NCSC plays a central role in the exchange of information,
especially as this also involves state information.
Have any specific measures already been implemented?
In early September 2022, the global service provider FS-ISAC (Financial Services Information Sharing and Analysis Center) began its work as an operational unit of the association within the scope of a mandate. And since mid-September 2022, the members of the association have also had access to an exchange of information on various topics, including possible threats.
How big is the threat really? Can you tell us a bit about where the attacks come from?
It’s difficult to predict – that’s something you only have a clearer picture of afterward.Broadly speaking, there are two types of threats: Those of a criminal nature, for example by organized crime, and those of a political nature, such as cyber attacks as a military means of waging war.
What are the greatest cyber security risks or areas that need to be worked on in the Swiss finance sector?
We wouldn’t be able to answer that for security reasons. But as a general rule, the Swiss financial market invests a lot in its cyber resilience. Right now, the FS-CSC association is focusing on setting up a joint crisis organization for Switzerland’s financial market.
Do you cover other risks besides criminal threats, such as hacker attacks or attempted fraud? Business risks would be conceivable as well, such as shortages in hardware and software supply chains, political risks such as new data protection guidelines and IT regulations, or the risk of a shortage of skilled workers in IT.
The association is currently focusing on how to deal with cyber risks, specifically in terms of systemic crises, because these require a particularly high degree of shared action on the part of all stakeholders.
Have users become more resilient? There’s a general sense that many people are aware of the risk posed by phishing attacks and that it isn’t a good idea to use your own date of birth as your password.
That’s definitely true. But even so, there’s still work to be done here. Raising awareness will continue to play a role for everyone working in the field of cyber security.
The Swiss Financial Sector Cyber Security Centre was founded in Zurich on April 5, 2022. Its 55 founding members, which consist of banks, insurance companies, and financial organizations, include the Swiss Bankers Association (SBVg), SIX, Swiss National Bank (SNB), the Swiss Insurance Association (SIA), and the Association of Foreign Banks in Switzerland (AFBS). FS-CSC is supported by the collaborative efforts of its affiliates, the Swiss Financial Market Supervisory Authority (FINMA), the National Cyber Security Centre (NCSC), and the State Secretariat for International Financial Matters (SIF). The association now has around 125 members from the finance sector, including banks, insurance companies, investment firms, and FINMA-authorized financial market infrastructures and their organizations. fscsc.ch