Cyber incident reportings : common obligations within organisations

Cyber incidents, cyber-attacks and vulnerabilities are issues that affect everyone working in organisations. Their occurrence triggers various processes, including legal processes, especially in the form of obligations. These obligations include reporting obligations to various external bodies, sometimes in order to remedy a harmful event or to comply with its obligations and enable the authorities to carry out their duties.

The talk will address the main reporting obligations for organisations active in Switzerland and their modalities. The main reporting obligations in Switzerland are the reporting obligation cyber-attacks on critical infrastructures and the reporting obligation of personal data breaches. The talk will consist in sharing what they entail and briefly looking at other obligations that may be parallel, in order for the audience to understand what exists in Switzerland, how every person in an organisation can help on its own scale help the organisation to manage legal duties and how the conformity to these obligations can help to increase organisations’ resilience.

A presentation such as this is important to enable the various people involved in organisations 1) to understand the issues at stake in terms of information flows, 2) to be aware of everyone’s obligations (e.g. in terms of documentation and information sharing), 3) to improve exchanges and understanding between different professions, and to increase trust and resilience of organisations.