Swiss critical sector faces new 24-hour cyberattack reporting rule

Switzerland's National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery. According to the NCSC announcement, this new requirement is introduced as a response to the increasing number of cybersecurity incidents and their impact on the country. Examples of types of cyberattacks that will have to be reported include: Cyberattacks that jeopardize the operation of critical infrastructure Manipulation, encryption, or exfiltration of data Extortion, threats, and coercion Malware installed on systems Unauthorized access to systems The mandate is introduced via an amendment to the Information Security Act (ISA), which will go into effect on April 1, 2025. The law applies to critical service providers such as utilities, local government, and transportation organizations. "The Federal Council has decided that the amendment to ... Read full article.