The objective of the Trust Valley initiative is to promote cybersecurity and digital trust among companies in the Lake Geneva region. Its CEO, Lennig Pedron, discusses the challenges of the IT sector, as well as the Trust4SMEs program, which aims to strengthen the cybersecurity capabilities of SMEs.
The world is facing a shortage of IT professionals and Switzerland is no exception. A recently published study by the Basel Institute of Economics indicates a shortage of nearly 40,000 IT specialists by the end of the decade. The challenges are multiple and encompass areas as varied as law, training, and ethics. To address this issue, the Trust4SMEs program, launched in 2022, aims to define best practices for strengthening not only cybersecurity but also the ability of businesses to thrive in a digitized world. One in three SMEs has already suffered a cyberattack, and the trend increased by 44% in 2021, according to a report based on two studies conducted by Digitalswitzerland and the University of Applied Sciences and Arts Northwestern Switzerland (FHNW).
Are SMEs sufficiently aware of the importance of cybersecurity threats?
Lennig Pedron: We are seeing a real positive evolution in the awareness of SMEs, especially because computer hacking is more visible than before and is starting to worry them. However, not all SMEs have the means to protect themselves adequately, and cybersecurity measures are still largely perceived as a cost rather than an investment.
How can we effectively provide more impetus for businesses to take concrete action?
Pedron: In the case of SMEs, particularly in the financial sector, the impetus comes directly from customers who now demand guarantees in terms of cybersecurity. This is not surprising, as 60% of corporate cyberattacks are believed to occur through the supply chain. As a result, many SMEs must demonstrate their reliability by complying with ISO standards. However, this process can be challenging, especially for small businesses that outsource their IT management. Fortunately, we are seeing the emergence of start-ups that should be able to assist these companies in the coming months or years by offering certifications for compliance with common standards.
What exactly does the Trust4SMEs program that you launched entail?
Pedron: We begin by conducting a diagnostic of the company to best direct resources towards strengthening its cybersecurity. We then provide several modules covering all key areas of digital trust. On the legal front, we have dedicated a module to the new Federal Data Protection Act, which will come into effect in September. We have also implemented a fictitious phishing campaign to test the company's ability to thwart intrusion attempts. In addition, we organize closed and confidential discussion circles with all staff members to allow SMEs to exchange experiences. Finally, each company benefits from the advice of a coach and several mentors.
How do you select the companies that will have the opportunity to receive your assistance, given that the first two editions have attracted more candidates than there were available spots?
Pedron: First, it is important to determine the strategic significance of the company for the region's ecosystem. The question is to define the extent of the impact that a cyber-attack on the company would have on other regional players. We also try to ensure a certain degree of diversity. The objective is to reach as many fields of activity as possible (real estate, IT, medical, etc.), and to give both small structures with a few employees and companies with more than 100 employees the opportunity to participate in the program. By considering all sectors of the economy and companies of all sizes, we hope to achieve more significant progress.
How can we address the looming shortage of skills in IT?
Pedron: The main challenge is to rethink the training of IT professionals to create more interest in the field. Significant progress has already been made in this regard: about twenty years ago, cybersecurity was not even a separate field of study. Today, higher education has taken up the theme, and there are bachelor's and master's programs offering specialized and advanced training. However, it is now necessary to go even further by offering apprenticeships in a professional environment that can train analysts. It could also be interesting to consider how to create more vocational interest among women – who are still very much in the minority in the field – and young people who have not yet completed their compulsory education, so that they become aware of the existence of these professions and their importance for tomorrow's world.