Mandatory reporting of cyberattacks on critical infrastructure: a new era for cybersecurity in Switzerland

Starting April 1, 2025, a new regulation will come into effect in Switzerland, introducing a mandatory reporting requirement for cyberattacks targeting operators of critical infrastructure.

Approved by the Federal Council on March 7, this measure is part of the revision of the Information Security Act (LSIn) and represents a decisive step towards strengthening national cybersecurity.

The obligation applies to key players such as energy suppliers, transport companies, and cantonal and municipal public administrations, who must notify the Federal Cyber Security Office (UFCS) of any detected cyberattack within 24 hours of its discovery. Reporting becomes mandatory if the incident compromises infrastructure functionality, results in data loss or manipulation, or involves crimes such as extortion or threats.

Private companies and cybersecurity: Being prepared is already a strategic imperative

Although mandatory reporting currently applies only to critical infrastructure, private companies cannot afford to feel exempt. Adopting a proactive approach to cybersecurity right away is, in fact, a strategic choice.

Establishing clear internal procedures for incident management and promptly reporting any attacks to the competent authorities is a best practice that not only swiftly limits damage but also contributes to the collective security of the economic fabric, promoting a coordinated response to threats. It’s not inconceivable that this obligation may be extended to the private sector in the future; being prepared remains the best form of protection.

Preparedness, however, is not merely a technological issue. In an environment where cyber threats are increasingly sophisticated, the true strength of a company lies in its ability to build internal awareness.

Data protection—whether corporate, customer, or partner data—is no longer purely an IT issue, but a fundamental element for a company’s sustainability and reputation. That’s why, beyond effective defense tools, investing in employee training becomes essential.

These aren’t just theoretical courses, but interactive and engaging security awareness programs, designed to make every employee an active participant in protecting the company. Because ultimately, the first real barrier against cyberattacks will always be people’s awareness.

The role of 4IT Solutions: security by design and targeted training

In this constantly evolving scenario, 4IT Solutions stands alongside businesses with an approach that places security at the heart of every service. Our managed IT services—from data protection to infrastructure and workplace solutions—are designed with “security by design” to ensure operational continuity, regulatory compliance, and maximum protection of sensitive information.

But we don’t stop at technology alone. We also support our clients through the most strategic journey: building people’s awareness. We offer customized security awareness programs designed to make teams more aware, prepared, and responsive to digital threats.

We firmly believe that only the combination of robust technologies and well-trained employees is the true way to build resilient companies, both today and tomorrow.

 

Alex Semenzato

Security Architect
