The question is not whether, but when a company will be hit by a cyberattack. The speakers at the first Cyber Security Forum for Industry and Retail were in agreement on this point. The severity of the current threat landscape and the consequences this has for businesses in the retail sector were explained in detail at the joint event organised by the National Cyber Security Centre (NCSC) and Markant AG on 16 June at BERNEXPO. Moderator Christian Folini guided the audience through the day’s proceedings.
Strengthening digital resilience in the long term
Patrick Scheurwater, Managing Director of Markant Syntrade Schweiz AG, and Florian Schütz, Director of the NCSC, welcomed guests from industry and retail in Bern. Patrick Scheurwater emphasised that, not least due to the essential supply function in the food sector, the Markant network bears a high level of corporate responsibility. Cyberattacks are a daily reality in the sector – not only for major players, but also for small and medium-sized enterprises. One objective is to foster a shared understanding within the sector to strengthen digital resilience in the long term. Florian Schütz highlighted the pressing nature of cyber security. It is essential for managing directors to understand how their own companies are affected.
Current cyber threats facing Switzerland
Geopolitical uncertainties and conflicts are intensifying Switzerland's cyber security situation, as a presentation by the NCSC and the Federal Intelligence Service (FIS) showed, and make it clear that Switzerland, too, is increasingly affected by cyber threats.
Monica Ratte, co-head of GovCERT, referred to specific cyberattacks in the UK retail sector: on Marks & Spencer, Coop and Harrods in 2025. However, cyberattacks on supply chains and retail businesses also posed a growing risk in Switzerland. She emphasised that good preparation was key to averting and minimising damage.
She identified the attackers’ typical strategies as the reason for this: the timing is chosen very carefully – encryption usually begins on a Friday evening. At this stage, damage can still be prevented if action is taken swiftly. Monica Ratte emphasised the importance of a pre-defined communication strategy, clearly defined incident response processes with established decision-making authority, and an understanding of dependencies on third parties.
Her conclusion: «Any organisation can be affected. A great deal can be prepared in advance. Then the impact is much smaller.»
Cybersecurity as a key board-level issue
In his presentation «The Hidden Cyberwar: Global, Dominant and Dangerous», author Peter Hacker called on senior management to recognise cyber risks as a board-level issue. In many cases, this is not yet being put into practice, the expert criticised. He emphasised: «Cybersecurity is an asset, not a cost item!» In the face of global tensions in a highly interconnected world, code has evolved into a powerful weapon of non-kinetic warfare. «We must assume the worst-case scenario, not the best-case scenario. Anything else would be naïve,» said the speaker. This applies not only to public authorities and large corporations, but also to smaller businesses. It is important to be well prepared for the scenario of a cyberattack: secure passwords and backups are the first lines of defence.
It is essential to rehearse an emergency scenario – from defining responsibilities right through to dealing with a ransom demand from the attackers. In this regard, Peter Hacker, like all the speakers throughout the day, advised against paying the sums demanded.
Weakness: Humans
Social Engineer Ivano Somaini presented fascinating insights into a very special professional field. As a ‘legal intruder’, his job is to identify security vulnerabilities – for example, on behalf of companies or banks. In his talk ‘The devil is in the details’, he gave an amusing account of how, with the help of keen observation and simple tricks, he exploited other people’s good nature to gain access to a bank’s secure area. He demonstrated how easy it is to carry out a complete digital background check on a person within a few minutes using AI and a single photo. He also advised caution when posting on social media, particularly when sharing personal information. Ivano Somaini described working with phishing emails with a wink as «super boring for a social engineer» – because phishing almost always works with carefully selected content. At the same time, the humorous stories revealed the serious realisation that human good nature, curiosity and naivety are among the most significant cybersecurity risks.
The strength of cooperation
Mark Michaelis, Managing Director of Markant Services International GmbH (MSI), BACS Director Florian Schütz and Kenza Leclere (BACS) outlined in their joint presentation how collaboration in the field of cyber security can strengthen the industry.
Mark Michaelis reported that, on average, Markant has to temporarily disconnect two industrial partners from the partner network every week because they have fallen victim to a cyber attack. Small and medium-sized enterprises are also being targeted with increasing frequency. Phishing is a dominant issue here – which is why Mark Michaelis emphasised raising staff awareness as a key measure. Markant continuously scans the dark web to identify information and user data at an early stage – a practice that has already prevented significant damage in the past. Meanwhile, the MSI Managing Director identified developments in the field of AI only indirectly as a threat: AI does not attack of its own accord, but it does accelerate the work of hackers.
Mark Michaelis also presented specific solutions that can be used by Markant’s customers: the Digital Crisis Room, for example, acts as a back-up infrastructure to ensure resilience and the ability to respond. Services such as Cyberlyze provide support in complying with the NIS 2 Directive. Also helpful from Markant’s perspective is networking with various cyber security alliances and the NCSC's Cyber Security Hub (CSH). «Together we are strong because everyone shares their latest experiences.»
Florian Schütz also advised against focusing solely on defending against attacks, but rather on creating mechanisms for collaboration. Kenza Leclere discussed how NCSC coordinates and implements the National Cyber Strategy in Switzerland – across society, the business sector and the state. This involves making knowledge about cyber security accessible and understandable, providing suitable means to prevent attacks, analysing patterns and alerting organisations, as well as creating a central point of contact in the form of the Cyber Security Hub. The establishment and expansion of so-called Cyber Security Centres (CSCs) in various sectors is a key priority in this regard.
What makes industry and retail vulnerable
Jonas Schwade, Managing Director of cysmo Cyber Risk GmbH, focused on technical aspects of cyber security and highlighted typical attack vectors.
In a study involving around 500 companies from the food industry, Cysmo identified IT security vulnerabilities in around 63 per cent of firms – ranging from outdated software to open ports. In more than half of the companies, email addresses could be found on the dark web. Overall, however, Schwade also expressed optimism: on balance, companies were already becoming more resilient.
Jacopo Fumagalli, Chief Information Security Officer (CISO) at Axpo, experienced first-hand in 2019 the challenges executives face in the event of a cyberattack. In 2019, he took up the role of CISO at the Swiss company Omya – at a particularly inopportune moment, in the middle of a cyberattack. Looking back, Fumagalli describes this period as tough but valuable. He, too, considers preparation for an emergency to be essential: for him, clear lines of responsibility and deputisation arrangements are just as much a part of this as a defined communication strategy – both internally and in dealings with customers and, not least, the press.
Progress and challenges
Two ‘Talk Corners’ provided space for more in-depth discussion. Florian Schütz, Peter Hacker and Edith Graf-Litscher, founder of the parliamentary group on digital sustainability, discussed the topic ‘Focus: Current Trends in Cyber Security’ in Room 1. The panellists reported, on the one hand, on progress made in cooperation with other countries, in domestic policy and in the investigation of cybercrime; and, on the other hand, on numerous challenges in international cooperation and in the transformation process – both within society and in businesses.
In Room 2, Monica Ratte, Bettina Mavrommatis and Clélia Warunee Runtz provided insights into current NCSC projects and support services, including information on the mandatory reporting of cyber attacks on critical infrastructure – due to be introduced in April 2025 – the Cyber Security Hub, and the NCSC’s awareness-raising project on cyber security in the supply chain.
How Cyber Security Centres specifically strengthen sectors
Erik Dinkel and Sophie Nägeli used the healthcare sector as an example to explain how Cyber Security Centres (CSCs) can strengthen collaboration in the field of cyber security. Erik Dinkel explained why healthcare organisations are attractive targets for cybercriminals: a large volume of highly confidential patient data contributes to this, as does a highly complex and interdependent system landscape. Furthermore, a high willingness to pay is anticipated, as these institutions are concerned with saving lives. «Cooperation and collaboration are therefore essential for us,» said Dinkel.
Sophie Nägeli reported on how the CSC provides support: the aim is to fill gaps with services, pool resources and establish a standard in Switzerland. There is now an annual conference for the healthcare sector, monthly webinars to exchange best practices, and support groups for which the NCSC handles administrative tasks. Erik Dinkel described the networking among the 41 members as a great success. Involvement in the CSC is predominantly on a voluntary basis. His recommendation: start small, create added value and then grow.
Outlook for deeper collaboration
Patrick Scheurwater and Bettina Mavrommatis concluded the day by summarising the outcomes. «What matters is not just how well we are protected, but how capable we are of acting in an emergency,» said Patrick Scheurwater. In doing so, he emphasised the link to Markant’s corporate values – trust, cooperation and progress. Bettina Mavrommatis pointed out that CSCs provide sector-specific support. «I hope we do not view today as a one-off event, but as the start of a CSC in the industrial and commercial sector.» The next step will be to organise a sector roundtable to discuss cybersecurity issues in greater depth.