Cyber Security Report 2020

Cyber Security Report 2020

Learn more about cyber security at SIX and download the new Cyber Security Report 2020.

Joining Forces in Cyber Security

Swiss banking has existed since the end of the 14th century. With the emergence of the modern banking system from 1850 onwards, our strengths became increasingly apparent: stability and security. Today, in the 21st century, these strengths are more important than ever. Cybercrime is considered one of the most important operational risks in our industry. As a financial center, we must therefore join forces. Cooperation is key. When it comes to cyber security, we must not make any distinction between large and small or bank and insurance. We must act together. We at SIX are prepared to support all the players in Switzerland in their efforts.


The Cyber Security Report 2020

90+ 90+
members of the SIX Cyber Security Hub participated in the survey
8 8
countries surveyed
4719 4719
cyber attacks reported in the surveyed countries in Q1 2020

Key Findings

The overall number of attacks observed remains comparable to the level reported in last year’s report.

An increase in observed cyber attacks occurred during the onset of the COVID-19 pandemic in March.

The most frequently observed attack methods are generally the same across all assessed countries.

The Swiss financial sector continues to see a very low number of cyber attacks compared to other countries.

The rapid changes caused by digitization and the corresponding need to rapidly adapt IT architecture are viewed as the greatest challenges to maintaining cyber security in Switzerland.

According to various Swiss financial institutions, the cyberattacks that they find themselves at risk of most are phishing, malware, and ransomware.

Overall Findings

The financial sector is an attractive target for cyberactors, given the potential access to financial assets and highly sensitive client data. Due to these factors, the financial sector is targeted by many types of cyberactors, from hacktivists with little capabilities, to opportunistic attackers leveraging malware bought in underground forums, to highly sophisticated state-sponsored actors. At the same time, the attack surface of financial institutions continuously increases, due to a larger need for digitization and demand for online services. These developments, which were observed in previous years, were further accelerated and exacerbated by the onset of the COVID-19 pandemic. Within weeks, organizations shifted to remote working and customers relied more than ever on online banking applications, creating new targets for malicious cyberactors.

Detailed Results: Switzerland

Over previous years, the number of cyberattacks at Swiss financial institutions has been consistently low and much lower compared to any other country analyzed in this report. In 2020, the number of cyberincidents increased compared to the previous year (see Figure 15). The observed incidents were high, especially in January, March, and April.

In the ITU Global Cybersecurity Index 2018, Switzerland is ranked at number 37 globally, which is lower than any other country analyzed in this report. The Swiss federal government has seemingly acknowledged this shortcoming and is investing in improving the country’s cyber security situation.

Given these factors, and with Switzerland being one of the most attractive banking destinations while having a potential lack in cyber security capabilities, the low number of observed attacks is surprising.

The Cyber Security Report 2020 analyzed the cyberthreat landscape pertaining to the Swiss financial sector over the previous twelve months. The findings in this report are partly based on confidential interviews with 53 cyber security executives of Swiss financial institutions conducted in July 2020, as well as on open and closed source analysis.

Respondents to our survey rated that threats, which fall within the category of cyber attacks, were the top cyber security challenges to the Swiss financial sector in the previous year. This was followed by threats within the categories Security Architecture and Risk management (see Figure 16).

Detailed Results: United Kingdom

London is a financial hub in Europe, with the largest European stock exchange, the largest bank in Europe (HSBC Holdings), and three UK banks out of Europe’s top ten largest banks. The financial sector of the UK is regulated by the Prudential Regulation Authority (PRA) and in terms of cyber security the UK is ranked in first place internationally by ITU, due in large part to strong performance in the ITU’s organizational and regulatory pillars. According to a recent survey by the UK government, the financial sector identified cyber security as a very high priority. Additionally, the lowest ratio of cyberincidents to breaches was recorded in the UK, potentially indicating a high capability in mitigating attacks. However, the highest recorded total loss by one organization was recorded by a UK financial services firm, which amounted to EUR 94 million.

Based on our data set of observed incidents and filtered for data points with attack methods included, Ransomware was the most popular attack method, used in over 70% of incidents (see Figure 3). This was followed by Phishing and SQL Injections.