Cyber threats – growing risk,growing responsibility
Original article published in the magazine ‘Top 100: The largest companies in the canton of Solothurn’
Concerns about cyber attacks are preoccupying the Solothurn economy more than almost any other issue. This is clearly shown by the latest 2025 Concern Barometer published by the Solothurn Chamber of Commerce and the Solothurn Trade Association: with a score of 6.1 on a scale of 10, cyber security is on a par with the economic situation – only bureaucracy causes companies even more headaches. This means that the threat from the digital world has become increasingly significant in recent years.
‘The issue has become increasingly important in recent years,’ says Christian Hunziker, Deputy Director of the Solothurn Chamber of Commerce (SOHK). The trade association regularly informs its members about data security and data protection issues, for example through articles in Wirtschaftsflash or by organising its own specialist events. In May of this year, for example, a well-attended event entitled ‘Cyber Security in Turbulent Times’ was held in collaboration with the auditing and consulting firm EY Switzerland. ‘We address this topic regularly, whether in the context of information or networking events,’ says Hunziker. ‘Interest is growing every year.’
Other problems are – supposedly – more urgent
Cyber security has also long been a topic of growing priority for the SME and Trade Association of the Canton of Solothurn (KGV). Managing Director Sarah Koch observes that although many companies are aware of the danger, it often takes a back seat to – supposedly – more urgent problems in everyday life. ‘There is room for improvement in this regard,’ she says. ‘Everyday concerns usually take precedence, especially in commercial enterprises. But when an attack occurs, the damage is usually enormous.’ For this reason, the association wants to raise awareness in the future. From 2026, a series of events on key SME topics will be held regularly, including IT security, data protection and the use of artificial intelligence. ‘These topics must be easy for commercial enterprises to implement and must not cost a fortune,’ emphasises Koch.
In addition, the KGV is considering joining the umbrella organisation SGV, which is a partner of the ‘Cyber-Safe’ label. This label supports SMEs in assessing their cyber risks and awards companies with a security certificate. ‘We see ourselves as a service provider and intermediary,’ says Koch. ‘If someone has a concern, we help them find the right specialists.’
Security with system
One such specialist is MTF Solutions AG. Founded in Olten, the company has been supporting SMEs in all matters relating to IT and information security for more than 42 years. For Cosimo Bruno, site manager in Olten/Pratteln, cyber security has undergone a fundamental change in recent years.
"IT security used to be seen as a necessary evil. Today, it is strategically relevant. SMEs are increasingly realising that cyber risks are real business risks – from production downtime to reputational damage."
Cosimo and his team see every day how different companies are in terms of their level of maturity. ‘Many companies are on the right track, but often lack processes, defined responsibilities or emergency plans. Cyber security is not a project that can be ticked off – it is an ongoing task that needs to be regularly reviewed and adapted.’
MTF's security strategy is based on three pillars: infrastructure, employees and organisation. ‘We support our customers in all areas,’ explains Cosimo. ‘In terms of organisation, we help them set up business continuity management and emergency plans. For employees, we offer awareness training and phishing campaigns. In terms of infrastructure, we optimise technical measures such as firewall rules or security settings in Microsoft 365 environments – all according to the zero trust principle.’
MTF places particular emphasis on prevention. ‘We usually start with a risk analysis, followed by a security audit. From this, we develop a tailor-made security strategy and support the customer in its implementation.’ For smaller companies, MTF has developed modular security packages that are tailored to SMEs with a defined scope of services. ‘Smaller businesses in particular need solutions that are feasible and affordable.’
Protection around the clock
Technically, MTF relies on its own Security Operations Centre (SOC), which monitors customer systems around the clock. ‘Our SOC is specially designed for SMEs,’ says Cosimo. Threats are identified at an early stage and action can be taken before they cause any damage. Should an incident nevertheless occur, the Security Incident Response Team is on standby: ‘We analyse the situation, organise a task force if necessary and also support the customer in communicating with the authorities or, if necessary, with the attackers themselves.’
MTF also operates its own private cloud in Switzerland. Its customers' data is stored in certified data centres that are subject to Swiss data protection laws. Cosimo Bruno: ‘The big international providers promise the same thing, but at MTF, the systems are managed by our own employees. That creates trust.’ Demand for data sovereignty has risen rapidly in recent months.
Another focus is on employee training. ‘Over 60 per cent of all security incidents start with human error or phishing attacks,’ says Cosimo. That's why awareness training is so important. However, many companies only react when they themselves have been attacked. ‘At that point, suddenly there's talk of budget. But prevention is always cheaper than reaction.’
Typical signs of a phishing email: No personal salutation (reputable senders know and mention the names of the recipients), a link leads to a strange website (a pop-up when hovering over the link with the mouse shows the destination without having to click on the link), unusual information (‘41.28 CHF’) or incorrect addresses (‘3900 Brigade’ instead of ‘3900 Brig’).
Typische Anzeichen für ein Phishing-Mail: Keine persönliche Anrede (seriöse Absender kennen und erwähnen die Namen der Angeschriebenen), ein Link führt zu einer seltsamen Webseite (Popup beim Überfahren des Links mit der Maus zeigt das hinterlegte Ziel, ohne dass man auf den Link klicken muss), unübliche Angaben («41,28 CHF») oder falsche Adressen («3900 Brigade» statt «3900 Brig»).
Network against cybercrime
MTF Solutions AG regularly collaborates with regional stakeholders. ‘Awareness-raising works best within a network,’ emphasises Cosimo. His company is involved in information events with the cantonal police and associations. ‘This allows us to reach companies directly and impart knowledge in a practical way.’
The Solothurn cantonal police also focuses on prevention. Sandra Lüthi, head of investigation support, describes the interaction between the federal government, business and the police as crucial. ‘The Federal Office for Cyber Security (BACS) coordinates the national strategy, while the cantonal police authorities are responsible for combating cybercrime at the local level,’ she explains. ‘An important part of our work is education.’ This includes specially organised information events, training courses and specialist lectures – such as at BDO's Cyber Security Breakfast, where companies and experts discuss current threats.
This close cooperation is crucial, she says, because cybercrime knows no boundaries. The cantonal police work with national networks such as NEDIK (Network for Digital Investigation Support in Cybercrime) and international partners such as Europol and Interpol. According to Lüthi, the aim is not only to prosecute offenders, but also to raise awareness of the risks – especially among SMEs.
Share responsibility
Cybersecurity is a joint effort. Authorities, associations and service providers are all pulling in the same direction – each in their own way. For Cosimo Bruno, it's clear what matters: ‘Get professional help, have your infrastructure checked regularly and keep your systems up to date. And above all, raise awareness among your employees – they are an important line of defence.’