- Information SECURITY
Companies Must Act Now
The 2025 situation report of the Swiss Federal Intelligence Service (NDB) sends a clear message: the threat posed by espionage activities in Switzerland has reached a new level. For decades, Switzerland has been an attractive operational environment for foreign intelligence services. However, according to the latest report, not only does the extent of these activities remain high—it is increasing significantly. The NDB explicitly confirms that the activities of banned intelligence operations have reached a new degree of sophistication. Particularly affected are companies with strong innovation, international networks, or critical infrastructure relevance.
At the same time, the NDB warns of an increasingly hybrid threat landscape, in which state-sponsored actors may deliberately target critical infrastructures. While no direct cases of state-led cyber sabotage have been observed in Switzerland so far, the report highlights that power dynamics and geopolitical goals are clear drivers of potential attacks—also against Switzerland. Both Swiss interests and those of neighboring European countries may become targets if their infrastructure is operated or hosted within Swiss territory.
What Does This Mean for Swiss Companies?
Organizations with digital business models, international supply chains, or a role as a cloud hub for third countries are particularly exposed. The challenges surrounding cross-border data processing and third-country access are central. The concrete risks and ways to address them are explained in detail in our article “Third Country Intercept Risk in the Cloud.”
But the threat is not limited to technology or financial firms—it concerns all organizations whose information, systems, or personnel could become a potential target.
Defense against espionage does not begin at the national border—it begins with your own physical, logical, and personnel security posture.
Pragmatica Offers Targeted and Proven Support in Three Critical Areas:
Insider Threat and Risk Management
The new perimeter is called Access!
Risks stemming from insiders are among the most underestimated dangers. We help you systematically and risk-orientedly identify and address potential threats from employees or closely associated third parties such as service providers or outsourcing partners. This includes measures for physical and logical access control, risk-based personnel security processes (e.g., identifying functions with higher integrity requirements), and preventive awareness programs across all relevant organizational, process, and personnel security areas.
Third Party Security Risk Management
The chain is only as strong as its weakest link.
Suppliers, external IT service providers, and strategic partners can become gateways and multipliers for intelligence activities related to illicit information gathering by private, parastatal, or state actors.
With our support, you can establish structured third-party risk governance, conduct security due diligence, and implement interlocking control mechanisms that are both regulatorily sound and operationally effective.
Use Case:
Third Country Intercept Risk in der Cloud
Daten reisen grenzenlos – Risiken auch.
In cloud environments, the risk of unwanted data access by third countries increases. The issue of third-country access—meaning access to Swiss or European data by authorities in countries outside the GDPR’s jurisdiction—is no longer theoretical. It can only be partially mitigated by the EU–US Data Privacy Framework.
It must be assumed that, with respect to foreign intelligence collection by third countries, such agreements have little to no effect, as they typically lose out in the balancing of state interests.
Before embarking on or continuing a “journey into the cloud,” a thorough, security risk–based analysis (Security Risk-Based Data Transfer Impact Analysis – SRB-DTIA) must be conducted.
Our cloud security experts can then analyze your exposure, assess legal and technical control options, and support you in implementing concrete measures to reduce this risk.
Why Pragmatica?
We combine deep expertise in information and cyber security with regulatory know-how and methodological excellence. Our consulting approach is practical, focused, and tailored to your organizational context. We draw on extensive experience from security-critical transformation projects across the financial industry, healthcare sector, and public administration.
Conclusion: The new threat landscape demands decisive action.
We help you adapt your overall security posture — physical, logical, and personnel — to today’s challenges through a modular, proportional, and results-driven approach built around your specific needs.
You have Questions?
We would be pleased to support you and your organization on the path to greater security.
Contact us for a confidential initial consultation and a first assessment of your security posture.
Sources
- «Sicherheit Schweiz 2025»: Globale Konfrontation hat direkte Auswirkungen auf die Schweiz. (n.d.). https://www.vbs.admin.ch/de/ndb-sicherheit-schweiz-2025
Weitere Topics
Switzerland in the Crosshairs of Foreign Intelligence Services
The 2025 situation report of the Swiss Federal Intelligence Service (NDB) sends a clear message: the threat posed by espionage activities in Switzerland has reached a new level. For decades, Switzerland has been an attractive operational environment for foreign intelligence services. However, according to the latest report, not only does the extent of these activities remain high—it is increasing significantly. The NDB explicitly confirms that the activities of banned intelligence operations have reached a new degree of sophistication. Particularly affected are companies with strong innovation, international networks, or critical infrastructure relevance.