ISG Provider Lens™ Cybersecurity – Solutions and Services - Extended Detection and Response - Switzerland 2025

Swissness and disruptive technologies characterize the Switzerland cybersecurity market

The threat to companies in Switzerland is increasing due to more frequent, sophisticated, complex and versatile cyberattacks. The shortage of qualified cybersecurity specialists is exacerbating the situation and, at the same time, boosting the demand for external services. New technologies promote cyberthreats, but they also offer new business opportunities for service providers. Service providers that can also score points with Swissness and understand the requirements of different target groups are preferred.

In terms of cybersecurity, those responsible in companies in Switzerland are currently facing various challenges. The increased cyberthreats and, of course, the long-term trend toward digitalization have led to increased attack surfaces for cyberattacks in Switzerland, which require appropriate countermeasures.

In the course of digitalization, business processes are increasingly being shifted to IT. In addition, intellectual company property is increasingly being represented digitally. With the increasing need to protect IT and communication systems, IT security has evolved into corporate security. The widespread use of home offices in Switzerland and the resulting external connection of employees makes IT systems more vulnerable to attacks.

In addition to digitalization and increased remote working, the increasing provision of resources from the cloud has led to greater vulnerability of IT systems and, as a result, to an increasing relevance of the zero-trust approach. Perimeter security is no longer enough. The principle of never trust, always verify means, among other things, mutual authentication and continuous monitoring of the network.

There have been a number of severe cyberattacks in the recent past — manifest evidence that cybercriminals are implementing new, more sophisticated and more complex methods at ever shorter intervals to overcome the cyberdefense systems of companies and authorities in Switzerland. However, less prominent attacks, such as ransomware, are also causing more and more companies problems. Accordingly, cybersecurity measures must be completely up to date. Companies and authorities in Switzerland are increasingly overwhelmed by this, not least due to the shortage of cybersecurity specialists. As a result, IT managers are increasingly commissioning external  services, for example, via security operations centers. These providers, as well as many IT security product providers, are increasingly relying on proactive rather than reactive methods based on AI, for example, to keep up with the threats themselves.

In addition to the company’s own protection, legal regulations are also forcing companies in Switzerland to implement stronger security measures to prevent cyberattacks. This applies, in particular, to data protection, which is a top priority in Switzerland. The assets of the big banks based here are heavily linked to data. In addition, there is generally greater trust in Switzerland’s own resources. This attitude has been further strengthened in recent years
by the questioning of the data protection agreement with the U.S. As a result, providers of IT products and services that create their offerings in Switzerland (known as Swissness) are attracting greater interest. This applies in particular to the operation of solutions, e.g., cloud solutions and security operations centers. Midsize companies, in particular, attach great importance to Swissness, and they also have to contend with legal (data protection) requirements.

Midsize companies in Switzerland are an attractive market segment for cybersecurity providers. Overall, their cybersecurity systems are less mature than those of large companies, but they are forced to upgrade them due to the factors described above. As a result, they have a lot of catching up to do and are, therefore, experiencing above- average growth in demand for cybersecurity solutions. It is even more advantageous for providers to have a balanced client structure of large companies and SMEs to benefit from the large budgets of large accounts.

The Switzerland SME sector, with its aboveaverage growth in demand, is an increasingly attractive market segment that also needs to be adequately addressed. It is not enough to simply offer midsize clients a service for large clients. Rather, the entire go-tomarket approach — products, prices and communication — must be adapted to these clients. Communication and cultural aspects are particularly important to be accepted by SMEs as a provider that takes
this segment seriously.

Despite the great importance of IT security, IT managers are once again increasingly struggling with the task of legitimizing investments in cybersecurity vis-à-vis company stakeholders, especially the financial manager. In contrast
to other IT projects, it is not always possible to prove the profitability of cybersecurity investments; quantifying threat risks is not easy either. However, it is clear that managers are increasingly recognizing that cyberattacks can lead to massive — and possibly existential — financial and reputational damage. As a result, IT security is becoming increasingly important for companies in Switzerland, and senior management is becoming more involved in cyber risk management.

Experience shows that the cause of cybersecurity incidents is often not (solely) on the technical side. Numerous attacks are facilitated by careless user behavior, such as Trojan and phishing attacks. In addition to up-to-date IT security equipment, advice and user training, therefore, continue to play an important role.

Advice is also increasingly in demand with regard to current and new technical threats. The need for advice is growing with regard to AI-based threats and solutions; this applies in particular to quantum-based attacks. They represent a new quality in attacks on the encryption of confidential data, which has now become much more urgent. While it was previously assumed that technical developments would leave time for concrete countermeasures until the end of the decade, this has changed due to new criminal strategies. With the harvest now, decrypt later approach, it has now become clear that data protection in the form of encryption needs to be reviewed and, if necessary, strengthened
more urgently than previously assumed. As a result, the number of service providers that have adapted their advice to this new type of threat and opened up a new area of business has increased significantly over the last two years. In Switzerland, these advisory services are primarily used by insurance companies and banks, as their assets consist of virtual assets, and they want to be prepared for new threats at an early stage.

Strategic Security Services

The situation with regard to cybersecurity threats in Switzerland continues to become more threatening. It is no longer just the wellknown large companies and authorities that are affected, but increasingly also small and midsize
companies. At the same time, the shortage of IT specialists continues to make this situation more difficult.

Midsize companies, in particular, are facing a particularly severe shortage of IT security specialists. SMEs are, therefore, an aboveaverage growing and increasingly attractive market segment.

Technical Security Services

Increasingly intensive, sophisticated, complex and constantly new cyberattacks are putting companies in Switzerland at risk. This situation is made even more difficult by the lack of cybersecurity experts. As a result, companies are increasingly reliant on external service providers to keep their IT security systems up to date.

Cybersecurity projects are often diverse and demanding. Service providers that can offer a broad range of technical security services from a single source, therefore, have a particular advantage here.

Managed Security Services — SOC

In Switzerland, the demand for managed detection and response (MDR) services and services provided by security operations centers (SOCs) is growing strongly. This growth is being driven by increasingly frequent, complex and versatile cyberattacks. In addition, the shortage of qualified specialists and the need for specialist knowledge that is always up to date are pushing SOC and MDR services into the focus of companies in Switzerland.

Large and especially midsize clients appreciate SOCs with a location in Switzerland due to the increasingly important aspect of data protection; Swissness is particularly important when it comes to the operation and provision of SOC services. For both market segments, end-to-end security services, integrated solutions comprising IT and associated security solutions and a high level of innovation are also important to stay ahead in the race against cyber criminals.

Managed security service providers are increasingly using AI and automation to deal with increasingly complex and diverse cyberthreats. A combination of machine efficiency and comprehensive human expertise is proving to be ideal.

Access to the full report requires a subscription to ISG Research. Please contact us for subscription inquiries.