By Christian Martin
Swisscom’s 2026 Threat Radar, NCSC incident data, and the Federal Intelligence Service converge on one conclusion: Switzerland’s critical infrastructure is under near-daily digital assault, with consequences that reach across the European continent.
The cyber threat confronting Switzerland has entered a new and more dangerous phase, one defined by the convergence of artificial intelligence, geopolitical strife, and an unprecedented dependence on interconnected digital systems. A comprehensive analysis by Swisscom, its 2026 Cybersecurity Threat Radar, documents a significant intensification of attacks over the past year. Simultaneously, data from the National Cyber Security Centre (NCSC) and assessments from the Federal Intelligence Service confirm that the nation’s critical infrastructure is the target of near-daily digital assaults. This is not a speculative forecast; it is the documented operational reality for the systems that underpin Swiss society and, by extension, the broader European continent.
Swisscom’s report identifies state-motivated cyber operations, hybrid warfare tactics, deliberate disinformation campaigns, and the compromise of software supply chains as the principal risk vectors. The digital transformation that has swept through every sector means that enterprises and public services alike are now tethered to cloud platforms, external code repositories, artificial intelligence models, and networked industrial control systems. The report warns, with precision, that a failure to understand how software is constructed, where data resides, or which legal regimes govern external providers constitutes a loss of control with potentially grave consequences for the entire organisation. The security of production facilities, energy distribution grids, medical technology, and building automation has thus become a primary concern. The blurring boundary between information technology and operational technology means that a malicious intrusion can now produce kinetic, physical effects, not merely data loss.
Artificial intelligence functions as a potent accelerant. While it drives productivity gains, it simultaneously magnifies existing vulnerabilities when governance is absent. Swisscom highlights the proliferation of non-transparent AI models, the unsanctioned use of AI tools in daily workflows, and the weaponisation of AI to automate and refine attacks. The warning is stark: trust in a provider or a system is no longer a sufficient defence. Enterprises must now actively manage the provenance, integrity, and dependencies of their software, data, and hardware. Cybersecurity has ceased to be a purely technical concern and has become a strategic imperative for resilience, trust, and digital sovereignty.
The gravity of this shift is reflected in the operational data. Following the introduction of mandatory 24-hour reporting for critical infrastructure operators last April, the NCSC recorded 145 cyber incidents in the second half of 2025 alone. NCSC Director Florian Schütz observed that alongside the persistent menace of cybercrime, organisations must now contend with increasingly sophisticated assaults by state-sponsored actors pursuing strategic goals. The Conference of Cantonal Justice and Police Directors echoed this alarm, with its president Karin Kayser-Frutschi stating flatly that these are not abstract threats but actual attacks. Espionage, she noted, is directed with particular intensity against research institutions, innovative companies, critical infrastructure, and public administrations, executed through both digital intrusion and traditional reconnaissance methods.
The cadence of publicly known cyberattacks against Swiss organisations. Source: KonBriefing Research.
Switzerland’s geography and its role as a European hub amplify the stakes. The country is not an isolated case; it is a vital node in the continent’s energy, telecommunications, and transport architectures. Its high Alpine hydroelectric dams act as a giant battery for Europe, storing and releasing power to stabilise the volatile output of solar and wind generation across Germany, France, and Italy. The synchronous grid that unites these nations is efficient and reliable, but as Wolfgang Kröger, emeritus professor at ETH Zurich and a specialist in infrastructure risk, explains, this interconnectedness also creates vulnerability. Disturbances and abnormal load flows can penetrate the Swiss grid from the outside, and the sophisticated digital systems that monitor and manage this network represent the primary attack surface. The precedent is well established: the 2015 cyberattack on Ukraine’s electricity grid, attributed to Russian hackers, plunged 230,000 consumers into darkness, and American agencies recently warned of Iranian-linked hackers probing US power and water systems.
Beyond energy, Switzerland routes vast volumes of European internet traffic through its fibre-optic backbone and exchange points. Its rail and road freight corridors, including the Gotthard Base Tunnel, are integral to regional supply chains for everything from food to high-tech components. The accidental derailment that closed that tunnel for over a year in 2023 was a stark reminder of systemic fragility, but deliberate attacks elsewhere in Europe, such as the railway sabotage in Poland attributed to Russian intelligence, demonstrate that such chokepoints are now viewed as legitimate targets. The French national cybersecurity agency has already linked attacks on public services, telecoms, finance, and transport in late 2025 to groups affiliated with Russian and Chinese intelligence services. While Switzerland has not yet suffered confirmed cyber sabotage on its industrial systems, the July 2025 assault that knocked out Luxembourg’s mobile network for hours, severing emergency numbers and online banking, illustrates the ease with which a critical service can be disabled. The advance of artificial intelligence compounds the threat; AI company Anthropic recently disclosed that its latest model had autonomously identified decades-old vulnerabilities in software widely embedded in critical infrastructure, vulnerabilities that could be exploited to remotely crash operational systems.
Federal Intelligence Service Director Christian Dussey has framed the situation bluntly. Presenting the agency’s annual assessment, Switzerland’s Security 2025, he warned that global confrontation has direct effects on Switzerland. The country must view its security within a global context, he stated, noting that the strategic radar is simultaneously tracking fifteen crisis hotspots, a density of threats without modern precedent. Switzerland is vulnerable to physical or cyber assaults by state actors who seek to harm other nations or alliances that depend on Swiss infrastructure. As an open society and a non-member of both the EU and NATO, yet positioned at the centre of Europe, Switzerland risks becoming an insecurity factor for its neighbours. Kayser-Frutschi stressed that this status requires Switzerland to demonstrate a credible commitment to partnership; without deeper cooperation, it does not always receive the timely intelligence that cantonal police forces need to detect emerging threats.
In response, the Federal Council is advancing a series of legislative and operational measures. Plans are underway to introduce binding reliability standards for critical infrastructure and to establish clearer rules on how sensitive data must be protected by federal authorities, cantons, and private operators. The government has also requested CHF 3.4 billion for security requirements in 2026, prioritising air defence, counter-drone capabilities, and expanded cybersecurity. Yet resilience carries a cost. As Kröger notes, the financing of costly measures, stockpiling large power transformers, running predictive simulations to locate weak points, and ensuring redundancy, demands a clear legislative framework and regulatory mechanism. The burden will likely be shared between public funds and consumers through mechanisms such as a marginal increase in electricity tariffs.
The Swisscom report closes with a conclusion that distils the new paradigm. Trust in providers and systems is no longer adequate; transparency and active management of the origin, integrity, and dependencies of software, data, and systems are required. For Switzerland, a nation whose stability is woven into the fabric of European critical infrastructure, the ability to ensure that resilience is not a technical afterthought but a strategic, adequately funded, and cooperatively executed national priority. The daily barrage of attacks is not an abstraction. It is a sustained campaign against the arteries of modern life, and the response must be equally relentless.
Sources: Swisscom, 2026 Cybersecurity Threat Radar; Switzerland’s National Cyber Security Centre (NCSC); and the Federal Intelligence Service, "Switzerland’s Security 2025": Global confrontation has direct effects on Switzerland (2 July 2025). Cyberattack frequency data: KonBriefing Research.