Can only well-financed adminstrations afford cybersecurity?

The Swiss Federal Statistical Office recorded 33,345 cases of cybercrime in Switzerland in 2022, which equates to almost 100 cases every day! The risks are well known at national and cantonal level, and talks have been held at various levels on joint cybersecurity projects, but progress has been quite slow. Hackers are not waiting, nor are they sparing municipalities – as highlighted by several recent attacks that have attracted a lot of media attention. 

This article explores the real cost of cybersecurity for municipalities and provides an insight into how to balance the budget, while maintaining strong protection. 

The hidden costs of poor cybersecurity 

Before considering the costs of cybersecurity measures, it’s important to understand the consequences of a cyberattack, which can far exceed investment in cybersecurity. 

• System failure: Cyberattacks can cause system failures and disrupt essential services and operations, leading to a loss of productivity and revenue. Even after technical system recovery, crisis management will absorb various resources for several weeks: communication with the public authorities, media, insurance companies and the general public. This is “lost” time that cannot be allocated to other tasks. 

• Data recovery: Re-establishing operations after an attack often involves significant costs for data recovery, system restoration and sometimes even ransom demands in the event of ransomware attacks – although paying these isn’t recommended. 

• Complying with regulations: The Swiss public authorities must comply with data protection regulations, and failure to do so can lead to severe fines and penalties.  

• Reputational damage: Public authorities rely on trust and credibility. Cybersecurity incidents can damage your reputation and cause a loss of confidence amongst citizens and stakeholders. 

Balancing your municipality’s cybersecurity budget 

Here are some key measures to enable municipalities to manage cybersecurity costs efficiently: 

1. Risk evaluation:

Carry out an in-depth assessment with your IT specialists to identify the major threats and vulnerabilities requiring immediate attention. This will allow you to allocate resources efficiently.  

2. Prioritize cybersecurity when budgeting:

Assign some of your budget specifically to cybersecurity. This investment will protect your operations and sensitive data. 

3. Regular updates and patch management:

Outdated software and unpatched vulnerabilities provide points of entry for cyberattacks. Carry out regular updates and patches on all software and systems in your IT environment. Automated patch management tools can improve the efficiency of this process, reducing the risk of human error.  

4. Invest in cybersecurity training:

Your employees can be your greatest asset, but also your biggest vulnerability when it comes to cybersecurity. While training is a cost, making your staff aware of best practice for cybersecurity is vital. Well-informed staff are often the first line of defence.  

5. Outsourcing of cybersecurity:

If you’re a small organization, it may well be worth outsourcing some cybersecurity tasks to third-party experts, which is more efficient and less expensive than hiring one or two internal cybersecurity specialists. The minimum requirements are: 

• An IT specialist capable of managing and updating your infrastructure 
• A contact person for IT security and data protection (CISO as a service or DPO as a service) to respond to valid security alerts 
• A cybersecurity attack monitoring service to identify suspected attacks being carried out

6. Collaboration and information sharing:

Cooperate with other authorities at your level and share information on emerging threats and best practices. This will help to cut costs and improve overall security. 

An affordable first line of security for monitoring  

While people often think initial cybersecurity costs are high, affordable solutions are available, and the consequences of overlooking security can result in much greater damage, both financially and reputationally. By prioritizing cybersecurity in your budget, implementing pragmatic solutions and establishing a security-aware culture, municipalities can improve their security significantly. Prioritizing cybersecurity ultimately represents an investment in your citizens’ security and confidence and in your organization’s continued success. 

Look for efficient solutions that meet your requirements and can be developed in line with your needs. Incident monitoring solutions, including phishing alerts when a user clicks on a link, or solutions that detect links to malicious URLs are available. Our security specialist Hacknowledge provides a monitoring service tailored to small entities (up to 15 employees). This will provide your administration with a guaranteed first line of defence. 

Finally, cybersecurity is an ongoing process. Regularly review and update your cybersecurity strategy so you can adapt to emerging threats and technology.

Our security specialist Hacknowledge provides a monitoring service tailored to small entities (up to 15 employees). This will provide your administration with a guaranteed first line of defence.