General crime in Switzerland has risen again – but particularly dramatically in the digital space. Cybercrime has more than doubled in just a few years and is becoming a key challenge for private individuals and companies. In view of this dynamic, preventive measures are essential. The following article analyses the current figures and shows how companies can protect themselves effectively.
The recently published police crime statistics from the Federal Statistical Office paint a clear picture: crime in Switzerland increased noticeably in 2024. A total of 563,633 offences under the Swiss Criminal Code were registered, which corresponds to an increase of around eight percent compared to the previous year. The development in the area of digital crime is particularly striking, and the increase in both the dynamics and substance of this crime poses new challenges for society, the state and, in particular, companies.
Since the start of digital recording in 2020, the number of offences committed digitally has more than doubled. In 2024, 59,034 offences of this type were registered – an increase of over 35% compared to the previous year. Over 90 per cent of these offences fall into the area of cyber-economic crime. The increase in phishing attacks ( 56.2 %) and the misuse of online payment systems, prepaid cards or unauthorised identities ( 104.8 %) is particularly striking. The latter is partly due to the introduction of the new Art. 179decies StGB, which criminalises identity fraud.
This development is not only an expression of technical and social transformation, but also manifests the increasing professionalisation of criminal actors in the digital space. Cyber criminals operate on a division of labour basis, across borders and with a high degree of adaptability to new security measures. For many of those affected – whether individuals or companies – a successful attack not only means material damage, but often also an irreparable loss of trust.
Statistics also show that 80% of all fraud offences in 2024 were committed using a digital means of crime. Fraud has therefore mainly shifted to the internet and now exploits technological vulnerabilities as well as human carelessness. For companies, this means a substantial threat situation that requires not only technical solutions, but also organisational and legal strategies.
Cybercrime is no longer a marginal phenomenon or a problem of individual sectors. Companies of all sizes are affected, from small businesses to international corporations. Attacks are often carried out via simple gateways: compromised passwords, inadequately protected interfaces or a lack of awareness among employees. The consequences range from production downtime and blackmail to reputational damage and civil and criminal liability issues. Preventive protection against cyber risks is therefore becoming a corporate duty – also in terms of compliance and governance.
Effective protection against cybercrime requires a holistic security concept that integrates technical, organisational and legal components. Technological measures such as firewalls, encryption or two-factor authentication are indispensable, but are not sufficient on their own. However, it is crucial that these tools are embedded in a consistent security management system that is continuously evaluated and updated. Once a security system has been set up, it quickly loses its effectiveness if it is not actively maintained and adapted to new threats.
The human factor remains particularly vulnerable. The majority of successful attacks begin with a simple phishing email or a manipulated link that is activated by a careless click. Companies must therefore systematically invest in training and sensitising their employees. This training should not only convey technical content, but also clearly communicate rules of behaviour and responsibilities. A one-off awareness campaign is not enough for this; rather, recurring, practical training is needed that simulates current attack scenarios and builds up the ability to react.
Another key aspect is the establishment of clear internal processes in the event of an emergency. Emergency and response plans – for example in the event of a successful ransomware attack or a data leak – must be defined in advance, documented and regularly rehearsed. This also includes the clear allocation of roles and responsibilities: Who decides on external communication? Who informs the authorities? Who documents the measures and ensures their traceability?
Contractual and organisational precautions also need to be taken. Companies should conclude data protection-compliant order processing contracts with all IT service providers, software providers and other external partners, regulate responsibilities and contractually stipulate security standards. Particular care should be taken when connecting third-party systems or using cloud services, as this often creates unnoticed interfaces for attackers. Regular security audits by independent third parties are also recommended – both for technical checks and to assess organisational resilience.
Finally, protection against cybercrime should also be anchored at company management level. Management not only bears strategic responsibility, but may also be liable under civil or criminal law in the event of inadequate prevention. Practising cyber compliance is therefore not just a question of IT, but of corporate governance. In practice, this means that cybersecurity must be regularly included on the agenda as part of risk management and provided with sufficient human, financial and structural resources.
At HÄRTING Rechtsanwälte, we provide companies with comprehensive support in the legal organisation of their cybersecurity. Our expertise ranges from reviewing contracts and training managers and employees to providing emergency advice in the event of specific incidents. In an increasingly digitalised risk environment, legal prevention is not a luxury, but a strategic necessity.
The sharp rise in cybercrime in Switzerland is a wake-up call. Anyone who takes security seriously today must invest not only in technology, but also in legal structures and human expertise.
Sources