U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Switzerland’s NCSC requires cyberattack reporting for critical infrastructure within 24 hours

Switzerland’s NCSC mandates critical infrastructure organizations to report cyberattacks within 24 hours of discovery. Switzerland’s National Cybersecurity Centre (NCSC) now requires critical infrastructure organizations to report cyberattacks within 24 hours due to rising cybersecurity threats. The new policy related to security breach notification is introduced as a response to the increasing number of cyber incident. […]

Switzerland's NCSC

Switzerland’s NCSC mandates critical infrastructure organizations to report cyberattacks within 24 hours of discovery.

Switzerland’s National Cybersecurity Centre (NCSC) now requires critical infrastructure organizations to report cyberattacks within 24 hours due to rising cybersecurity threats.

The new policy related to security breach notification is introduced as a response to the increasing number of cyber incident.

“In view of the increasing threat of cyber incidents, Switzerland is introducing a reporting obligation for cyberattacks on critical infrastructure. Operators of critical infrastructure will be required to report attacks to the National Cyber Security Centre (NCSC).” reads the announcement published by the NCSC. “The Federal Council has decided that the amendment to the Information Security Act (ISA) of 29 September 2023 will enter into force on 1 April. The ISA stipulates that authorities and organisations subject to the reporting obligation, such as energy and drinking water suppliers, transport companies and cantonal and communal administrations, must report cyberattacks to the NCSC within 24 hours of discovery.”

The Swiss authorities require critical infrastructure organizations to report attacks against critical infrastructure, including data breaches, blackmail, coercion, and manipulation or leakage of information. The announcement states that organizations that will not report the incidents may result in fines.

Switzerland has approved the Cybersecurity Ordinance, effective April 1, 2025. It regulates the reporting obligation for cyber attacks on critical infrastructure, setting exceptions and procedures. The NCSC manages reporting and coordinates information exchange between authorities and organizations. The consultation showed broad support for strengthening cybersecurity, with a focus on simplifying reporting obligations and aligning them with other regulations.

A grace period runs until October 1, 2025, after which non-compliance may result in fines up to CHF 100,000 ($114,000).

Impacted organizations must report cybersecurity incidents to the NCSC within 24 hours via an online form or email, with a detailed follow-up due in 14 days.

Switzerland’s new cyber incident reporting requirement aligns with international standards, enhancing information exchange to counter evolving threats.

The list of all entity types that are impacted by this new requirement is available here.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Switzerland’s NCSC)