Minimize cyber risks by raising awareness among the public and the business community
Submitted text
The Federal Council is already aware of various information channels that make people aware of possible misconduct in the context of cyber risks, such as the Cybercrime Unit at the Fedpol or the Swiss Crime Prevention, which lists useful information on security on the Internet on its website. In the second report on the National Strategy for the Protection of Switzerland against Cyber Risks (NCS) 2018 – 2022, the Federal Council proposes to strengthen communications. Not considered by the Federal Council is a national prevention campaign. I therefore ask the Federal Council to answer the following questions:
1. would a prevention campaign help to reduce cyber risks?
2. is there a need to launch a national prevention campaign to raise awareness among the population and businesses?
3. could such a campaign be carried out with existing resources? Could fedpol take on such a task?
Justification
Cybercrime is becoming an ever-increasing problem for individuals and especially for businesses. According to the latest figures, 88 percent of companies fall victim to cyber attacks every year. With increasing digitalization and more and more devices connected to the Internet (Internet of Things), cyber risks are constantly on the rise. The private sector is working at full speed on solutions to minimize these risks. However, even with the latest technical improvements, cyber risks can never be completely eliminated. Because, as many studies also prove, the human being is still the weakest link in the chain and thus the greatest security risk. This has to do with the fact that many people are unaware of the Dangers in the digital space unaware are. Only through a Adaptation of human behavior it is possible to significantly reduce cyber risks. What is meant are preventive behavioral measures that must be taken by companies as well as individuals. The federal government must therefore assume responsibility for providing targeted information to inform citizens, but also companies and the people responsible there, about these risks and thus minimize the costs to the economy as a whole.
Statement of the Federal Council
The Federal Council shares the view that raising awareness among the population and companies is an important element in protection against cyber risks. In the National Strategy for the Protection of Switzerland against Cyber Risks 2018 – 2022, it therefore also sets itself the goal of increasingly conducting such information and prevention campaigns together with the associations, organizations and authorities already active in these areas.
The Federal Council comments on the questions as follows:
1. prevention campaigns are an important tool for mitigating cyber risks. To be effective, they must be as precisely to the very different target groups and their needs. be aligned. Children and young people need to be addressed differently than adults, and companies face different, often more complex, challenges than the general public.
2. the still inadequate protection of many systems and data shows that Need to raise awareness of cyber risks exists. However, because the need varies greatly depending on the target group, the Federal Council believes that awareness-raising should not be achieved by a single national, but by Several targeted campaigns carried out jointly with business and society should be improved.
3. the Funding requirements for increasing awareness among the population and the business community through targeted campaigns will be elicited together with partners from the business community and society as part of the implementation planning for the National Strategy to Protect Switzerland from Cyber Risks (NCS). When allocating responsibility for campaign implementation, it is important to distinguish between preventive measures against cybercrime and awareness-raising with regard to information security. An important element in both cases is a coordinated approach of all the agencies involved. In the area of cybercrime, this is done via the Cyberboard, of which fedpol and Swiss Crime Prevention (SCP) are also members. In the area of information security, other agencies are responsible, for example the Reporting and Analysis Center for Information Assurance (MELANI) or the Federal Intelligence Service with its Prophylax prevention campaign. The coordination of these campaigns and the coordination of their content with the prevention measures in the area of cybercrime will be carried out by the newly created cyber security competence center in the FDF.