18.11.2025 | Alexander Stübi | Article

Cybersecurity Focal Points 2025


This article marks the start of our four-part series on the cybersecurity topics that have been of particular interest to us this year. We begin with topics relating to governance, strategy and culture. The following three topics have been with us for some time and were also important this year: third party risk management, choosing the ideal SOC model, and determining the current status of information and cyber security.

Third Party Risk Management: out of sight, out of mind?

An attack on an IT service provider has dramatically demonstrated how far-reaching supply chain risks can be. A customer of the IT service provider was compromised. This enabled the attackers to penetrate the IT service provider’s infrastructure and subsequently attack the infrastructure of all its customers. This included our customer, a traditional Swiss SME. The attackers paralyzed central systems with ransomware and brought our customer to the brink of bankruptcy. Our customer had been lulled into a false sense of security: IT had been outsourced to a trusted service provider, backups were in place, and cyber insurance had been taken out. Because the entire infrastructure had been compromised, the backups were gone as well. Since there was no offline backup either, there was a risk of complete data loss and therefore of bankruptcy. Fortunately, it didn’t come to that: we were able to decrypt the data, clean it up, and restore and simultaneously harden the infrastructure together with the previous service providers. After just over a week, the majority of the systems were up and running again.

Outsourcing IT to a professional service provider often gives an impression of security, but this impression is deceptive. FINMA recently found that suppliers and service providers were involved in more than half of all cyber attacks.

In order to contain IT risks, targeted selection and active management of suppliers are necessary. We have supported numerous clients in establishing processes and specifications for supplier management from a cybersecurity perspective, and in evaluating and monitoring service providers. In a blog article last year, we discussed in detail the risks lurking in the supply chain, how to reduce them, and what to look out for when auditing service providers.

The organization of a hybrid SOC

A Security Operations Center (SOC) monitors systems and detects incidents at an early stage so that the organization can react quickly. Many companies outsource their SOC to a Managed Security Service Provider (MSSP), often because they lack the internal resources or expertise. Outsourcing alone is not enough, however: the external service provider must be integrated into the internal organization and processes. A form of hybrid SOC is therefore required.

According to Gartner, 63% of companies already use a combination of internal teams and external resources. The advantages are obvious: internal specialists retain process sovereignty, know the systems, have domain expertise and make the necessary decisions in the event of an incident, while external analysts triage alerts around the clock, track threats and take pressure off the workforce. For a hybrid model like this to work, however, certain conditions must be met.

For some years now, we have been helping clients lay the foundations for outsourcing all or part of their SOC. In particular, this includes aligning the internal organization so that collaboration between internal teams and external specialists functions smoothly: training, clearly defined responsibilities, interfaces, well-elaborated processes, and decision-making and escalation levels. Particular attention must also be paid to selecting the external partner and defining the appropriate offer with the associated contractual provisions.

Current profile as a starting point

Evaluating the current profile is the first step towards greater cybersecurity, and it traditionally answers the questions of where the organization stands today and where the greatest risks lie. The central question here is: “Are we sufficiently armed against cyber risks?” Internal departments often find it difficult to ask the necessary questions.

An independent assessment can help here. With the help of a proven standard, such as the ICT minimum standard or the NIST Cybersecurity Framework, the technical, organizational and procedural aspects of information security are systematically analyzed and the current profile of the organization’s cybersecurity is defined. The aim is to record the current level of maturity and to assess the existing risks objectively.

What we observe time and again is that all controls of a framework are lumped together. Prioritizing them from the perspective of the company and its individual threat situation is an important step: not every control is equally important for every company.

In our mandates, we often do not stop at analysis. Based on the identified risks, we develop clear, risk-based recommendations for action. The focus is on ensuring that companies deploy their resources where they can achieve the greatest effect, i.e. where the greatest risk reduction can be achieved with reasonable effort.

The result is a prioritized roadmap that shows which measures should be taken and in what order, taking into account the available resources.

This approach has proven itself many times over in our mandates. Companies not only gain clarity about their security status, but also a sound basis for making decisions on targeted measures and investments. The result: resources are used optimally and risks are effectively reduced.

Conclusion and invitation to exchange ideas

Our experience shows that the most effective security strategies are created when technical solutions, practiced responsibility and clear priorities come together. Whether it’s the right approach to service providers, a suitable SOC model or the strategic prioritization of measures, the key is to gain clarity about the right steps at the right time.

Are these topics also on your mind? Then get in touch with us and arrange a free initial consultation with our experts. Together we will find out whether and how we can best support you.

About the author

Alexander Stübi
Security Consultant
Master of Law UZH, CAS Cyber Security & Information Risk Management FHNW
ISO/IEC 27001 Lead Implementer & Auditor, CIPP/E

Security is a competitive advantage, not just an obligation. As a security consultant, I primarily support companies in the efficient development of their ISMS and its certification. In addition, I assist them in raising awareness among their employees and in business continuity management. My background in data protection law and AI regulation at the national and international level, combined with my experience in risk management, gives me a holistic view: security strategies and compliance projects that combine legal and organizational requirements. This results in solutions that provide companies with lasting security and trust.
