EN

Cybercrime in Switzerland: Who is being attacked and how?

Cybersecurity 17:07

Add to bookmarks Remove from bookmarks
Author

Statistics on the behaviour of cyber criminals provide interesting insights into the current dangers in the digital space. Private individuals and companies are affected by different forms of attack than the critical infrastructure. This text shows trends and an interactive graphic enables in-depth analyses of cyber incidents over time.

The hacker stereotype is deceptive: attacks on private individuals and SMEs are not dominated by hacking, but by cyber fraud, with almost 40,000 cases in 2025. Image: Kevin Horvat, Unsplash.

Translated by an automated translation plugin.

The most important points at a glance

  • Cyber fraud dominates the crime statistics with almost 40,000 recorded cases in 2025 - far more than all other cybercrimes combined.
  • Phishing has increased fivefold since 2021 and reached over 7,400 cases in 2025; CEO fraud is a particularly topical variant.
  • Critical infrastructures are attacked differently: Hacking (20%) ranks first among them, followed by theft of access data, DDoS attacks and malware. Public administrations (25%), IT and telecommunications providers (18%), the financial and insurance sector (16%) and energy providers (12%) were most affected.
  • Mandatory reporting since April 2025: Operators of critical infrastructure must report cyberattacks to the BACS within 24 hours; 145 such incidents were registered in the second half of 2025.

At the end of March, two sources of data on cyber threats in Switzerland were published in parallel: the police crime statistics and the semi-annual report of the Federal Office for Cyber Security (BACS). Although both sources deal with cyber incidents at first glance, they cover different areas and are not directly comparable. However, this is precisely why it is interesting to look at the two statistics together.

Police crime statistics use the collective term cybercrime to cover offences committed in the digital space - i.e. involving telecommunications networks or the internet. These offences are broken down into the following categories depending on how they were committed:

  • Cyber economic crime
  • Cyber sexual offences
  • Cyber defamation of character and dishonest behaviour
  • Illegal trade on the darknet
  • Data leaking

A look at the figures (see interactive graphic below) makes it clear that the vast majority of incidents can be attributed to cyber economic crime. It is also this category that is responsible for the continued steep rise in cybercrime cases up to 2024, which has levelled off at a high level since then. The number of cases in the remaining categories has either remained constant over time (cyber sexual offences), declined slightly (cyber defamation of character and dishonest behaviour) or remained volatile at a very low level (illegal trading on the darknet and data leaking). Regardless of the category, it is likely that not all actual offences were reported, with the number of unreported cases varying greatly depending on the category(FSO 2026).

Click through the cybercrime statistics

The interactive chart on cybercrime statistics allows you to browse the data according to your interests. This is how it works:

  • Click on the hatched areas to see the corresponding subcategories
  • Click on the white area in the diagram or the navigation path to return to the next higher category
  • Categories of the current level can be shown or hidden by clicking on the respective legend boxes. If the number of cases is small, the areas are initially not recognisable. As soon as categories with large numbers of cases are hidden, those with few incidents can be better analysed.
  • By placing the cursor on the individual areas, the case numbers and - below the graphic - the definition of the respective category are displayed.

Facets of cyber-economic crime

When analysing the figures for economic cybercrime, it is noticeable that "hacking" - a term that is often still used colloquially as a synonym for many cybercrimes - is ultimately much less significant than phishing, for example. The latter category, which encompasses strategies for acquiring personal or confidential data in an unauthorised manner, also shows the most significant increase across all offences. The number of cases has increased fivefold since 2021 to over 7,400 cases in 2025.

In terms of volume, however, another subcategory of cyber white-collar crime outstrips all other offences: cyber fraud. The almost 40,000 offences recorded in this category in 2025 include offences as diverse as the misuse of online payment systems or foreign identities, fraud with classified ads or fake real estate ads, romance scams and the currently rampant CEO fraud (see box).

CEO fraud: SMEs called upon to act

The BACS also regularly warns against this scam. To prevent an incident as far as possible, BACS recommends setting up the following technical and organisational hurdles:

  • Four-eyes principle or collective signature for payments or changes to master data.
  • Verification via a second, already known channel, for example by means of telephone verification of a payment request.
  • Do not grant any exceptions in existing processes, even if instructions come directly from the C-level.
  • Configure email servers so that emails from external senders are labelled as such in the subject line. This prevents the risk of confusion.

Different goal, different offence

A comparison of the figures in the cybercrime statistics with the voluntary reports of cyberthreats by the public and businesses contained in the BACS semi-annual report reveals similar trends. Here too, cyber fraud and phishing are responsible for the majority of cases.

However, the BACS figures are particularly interesting when looking at the first reportable cyber incidents. Since 1 April 2025, operators of critical infrastructures such as energy or drinking water supply organisations, transport companies and cantonal and municipal administrations have been obliged to report cyber attacks to the BACS within 24 hours of their discovery.

This shows that hacking is the most common type of attack on critical infrastructure (20%). In addition, the theft of access data (14%), DDoS attacks (13%), i.e. attacks on the availability of an infrastructure, and the use of malware (11%) also play important roles.

Finally, it is interesting to see the distribution of the 145 reportable cyber incidents in the second half of 2025. The most affected were public administrations (25%), IT and telecommunications providers (18%), the financial and insurance sector (16%) and energy providers (12%).

Those who know the methods can protect themselves

This brief data analysis makes it clear that SMEs and private individuals are not affected by the same types of attack as operators of critical infrastructures. What they all have in common is that they should inform themselves about possible threats and be aware of the current methods used by cyber criminals. This is the only way to take the necessary security precautions. A reliable source of information in this regard is the BACS, which provides specific information for private individuals, companies and authorities.

Contributors

Role Title + Name
Text by Tobias Schlegel