Technology · 4 April 2026 · 9 min

    IT Security Day Mainz: Risks in Digital Supply Chains – What Does This Mean for Swiss SMEs?

    Lukas Huber


    Founder & AI Strategist

    Only 42% of Swiss SMEs feel secure against cyberattacks. The IT Security Day Mainz highlights risks in digital supply chains – a threat also for Switzerland.

    Only 42% of Swiss companies consider their protection sufficient in the event of a cyberattack. This alarming figure, from the 2025 Cyberstudie.ch, should make every CEO of a Swiss SME sit up and take notice.

    While the IT Security Day Mainz on May 6, 2026, will focus on "Risks in Digital Supply Chains," its relevance for Switzerland is undeniable. Digital supply chains are no longer an abstract threat but the reality for any company working with software, cloud services, or networked partners. The notion that an attack on a seemingly insignificant supplier can cripple your own business may be uncomfortable, but it is real.

    However, the real problem is not just the growing threat, but also our response to it. The general sense of IT security in Swiss companies has slightly decreased: while 57% felt secure in 2024, only 52% do in 2025. Paradoxically, investments in security measures are declining even as the threat landscape grows. This is not a sustainable strategy but a dangerous game with fire, in a country where the Swiss Insurance Association (SVV) predicts annual costs from cyber risks of CHF 9.5 billion for 2026.

    📊 Facts at a glance:

    • 42% of Swiss companies consider their protection sufficient in the event of an attack. (Source: Cyberstudie.ch, 2025)
    • The annual costs of cyber risks in Switzerland are estimated at CHF 9.5 billion. (Source: Swiss Insurance Association (SVV), 2026)
    • The general sense of IT security in Swiss companies has slightly decreased: 52% feel secure (2024: 57%). (Source: Cyberstudie.ch, 2025)
    • IT security risks in digital supply chains are increasing, as highlighted by the IT Security Day Mainz on May 6, 2026. (Source: heise.de, 2026)

    What specific risks does integration into digital supply chains pose for Swiss SMEs?

    The risks are comprehensive, ranging from direct cyberattacks on weaker links in the chain to compliance violations that can significantly damage your SME's reputation and finances.

    A Swiss SME, for example, that uses specialized software from a smaller European provider is dependent not only on the quality of the product but also on the IT security of that provider. If this supplier falls victim to an attack, the consequences can directly impact the Swiss SME. This can range from data breaches and operational disruptions to reputational damage.

    We must view this interconnectedness through the lens of strategic analysis. A PESTEL analysis shows us that political tensions (P) can quickly lead to state-sponsored cyberattacks, which in turn affect the supply chain. Technological developments (T), such as the increasing complexity of software, expand the attack surface. Legal frameworks (L), like the Swiss Data Protection Act (DSG), turn every data leak into a costly compliance problem. From Porter's Five Forces perspective, the bargaining power of suppliers influences security: if you have only a few specialized suppliers whose security level you cannot fully assess, your risk increases.

    The reality is that many SMEs do not adequately secure their digital supply chains. They rely on standard contracts or assume their partners adhere to the same security standards. Often, in a critical situation, it turns out this is not the case. Attackers know this. They look for the weakest link in the chain and use it as an entry point. This could be a smaller service provider managing your CRM data or a hardware supplier whose products are delivered with tampered firmware. The "SolarWinds" attack, where widely used software was exploited as an entry point for attacks on thousands of companies, is a prominent example of how a single vulnerability in the supply chain can have far-reaching consequences.

    For Swiss SMEs, there's also the fact that they often operate in global supply chains but are confronted with national regulations like the DSG. A data outflow via a partner abroad can quickly lead to hefty fines and a massive loss of trust. The consequences are not only financial but also affect customer confidence and competitiveness. Such an event can threaten the existence of an SME.

    ⚠️ Warning: The Deceptive Sense of Security

    The declining investments in IT security in Swiss SMEs, despite a rising threat landscape and a waning sense of security, represent a dangerous miscalculation. This discrepancy can not only lead to direct financial losses but also jeopardize compliance and undermine long-term competitiveness. Those who save now risk the company's existence tomorrow.

    How can Swiss SMEs effectively strengthen their IT security along networked value chains?

    Effective strengthening requires a proactive, holistic approach, ranging from strategic analysis to continuous monitoring, encompassing both technical and organizational measures.

    The first step is always a thorough analysis of your own position and the entire supply chain. A comprehensive AI Readiness Analysis, going beyond our 5-Pillar Method (Strategy & Vision, Data & Infrastructure, Skills & Culture, Processes & Organization, Ethics & Compliance), is essential for this. It not only identifies vulnerabilities within your company but also assesses critical interfaces with your partners. Without this foundational work, which also includes a SWOT analysis of internal strengths and weaknesses, as well as external opportunities and threats, you are operating blind.

    A focus should be on data and infrastructure. Where is critical data stored? Who has access to it? Are your partners' systems compatible with yours, and are they secure? This is where the value of solid data processing and cleansing becomes apparent: you need to know what data is flowing before you can detect anomalies in it. AI systems trained through prompt engineering and specific LLM fine-tuning to detect anomalous data flows in supply chains can offer crucial advantages by identifying patterns that human analysts would overlook. However, this requires a solid foundation of ML fundamentals and data visualization to interpret the results.

    The human component is equally important. Your employees must be made aware of the risks. Regular training on recognizing phishing attempts or handling sensitive data securely is not an option but a necessity. Furthermore, clear processes and responsibilities must be defined. Who is responsible for vetting new suppliers? How are security incidents reported and handled? A well-thought-out incident response playbook is crucial for reacting quickly and in a coordinated manner in an emergency and minimizing damage.

    Another aspect is strategic alignment. An AI strategy must be closely aligned with business goals. This means not blindly adopting every new technology, but selectively using those that offer real added value for the security and efficiency of your supply chain. Developing a strategic AI roadmap based on the findings of the readiness analysis helps prioritize investments and deploy resources effectively. This prevents you from investing in technologies that do not fit your specific risk profile.

    💡 Recommendation: Start with an AI Readiness Assessment

    Before investing in new technologies or processes, gain clarity. A structured AI Readiness Assessment using our 5-Pillar Method will help you precisely identify your current position, your vulnerabilities, and your potential. This allows you to develop a tailored strategy that truly suits your Swiss SME and considers compliance requirements from the outset. It is the foundation for any informed decision in the area of digital transformation and security.

    What measures are essential for Swiss SMEs to protect themselves against attacks on their digital supply chains?

    Essential measures include detailed risk assessments, the implementation of clear security standards across the entire chain, and a culture of continuous vigilance and adaptation.

    Defending against attacks on digital supply chains is not a one-time task but an ongoing process. First, you need to map your supplier landscape. Who are your critical suppliers? What data do you share with them? Thorough due diligence is non-negotiable. This includes verifying their security certifications, auditing their systems, and contractually defining security requirements and liability issues. Without clear contractual arrangements, you often stand alone in the event of damage.

    A central point is access management. The principle of least privilege must be consistently implemented. Every employee and every external partner should only be granted access to the data and systems absolutely necessary for their role. Multi-factor authentication (MFA) is an absolute must here, not only for your internal systems but also for access to cloud services and partner platforms. This reduces the risk that compromised credentials can cause widespread damage.
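    The least-privilege and MFA checks described above are easiest to apply when they are run as a routine review over an access export rather than reasoned through account by account. The following script is an added example, not code from the original article: ROLE_BASELINE is a hypothetical role model, SAMPLE_EXPORT a constructed CSV (columns account, type, role, mfa, permissions), and a real IAM or cloud export will need its own column mapping. It flags permissions granted beyond what a role needs and accounts without a second factor, rating partner accounts higher because they are the external links the text warns about.

```python
"""Least-privilege and MFA review over an account export.

Added example, not code from the original article. ROLE_BASELINE is a
hypothetical role model and SAMPLE_EXPORT a constructed CSV in the shape
account,type,role,mfa,permissions; a real IAM or cloud export needs its own
column mapping.
"""
import csv
import io

# Hypothetical baseline: the permissions each role actually needs for its job.
ROLE_BASELINE = {
    "sales": {"crm:read", "crm:write"},
    "finance": {"erp:read", "erp:write", "bank:read"},
    "partner-crm-support": {"crm:read"},            # external provider managing CRM data
    "partner-cad-vendor": {"cad:read", "cad:write"},
}

# Constructed sample export. "type" is internal or partner; permissions are ';'-separated.
SAMPLE_EXPORT = """account,type,role,mfa,permissions
anna@example.ch,internal,sales,yes,crm:read;crm:write
beat@example.ch,internal,finance,no,erp:read;erp:write;bank:read
support@crm-vendor.example,partner,partner-crm-support,no,crm:read;crm:write;erp:read
cad@cad-vendor.example,partner,partner-cad-vendor,yes,cad:read;cad:write
"""


def review_access(export_text, baseline=ROLE_BASELINE):
    """Compare granted permissions against the role baseline and check MFA.

    Returns a list of findings, each {"account", "type", "issue", "detail", "severity"}.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        account, kind = row["account"], row["type"]
        granted = {p.strip() for p in row["permissions"].split(";") if p.strip()}
        needed = baseline.get(row["role"])
        if needed is None:
            # An account with a role nobody modelled cannot be checked; flag it.
            findings.append({"account": account, "type": kind, "issue": "unknown-role",
                             "detail": row["role"], "severity": "medium"})
            continue
        excess = sorted(granted - needed)
        if excess:
            findings.append({"account": account, "type": kind, "issue": "excess-privilege",
                             "detail": excess,
                             "severity": "high" if kind == "partner" else "medium"})
        if row["mfa"].strip().lower() != "yes":
            findings.append({"account": account, "type": kind, "issue": "mfa-missing",
                             "detail": "no second factor enrolled",
                             "severity": "high" if kind == "partner" else "medium"})
    return findings


def summarize(findings):
    """Count findings by (type, issue) so partner exposure stands out in a report."""
    counts = {}
    for f in findings:
        key = f"{f['type']}:{f['issue']}"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    results = review_access(SAMPLE_EXPORT)
    for f in results:
        print(f"[{f['severity']}] {f['account']} ({f['type']}): {f['issue']} {f['detail']}")
    print(summarize(results))
```

    On the constructed export the review produces three findings: the CRM support account of the external provider holds write access and an ERP permission its role does not need, and neither that account nor the internal finance account has MFA enrolled. Running such a comparison on every access export turns "only what is absolutely necessary" from a principle into something that is measured.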

    For Swiss SMEs, it is also crucial to consider data storage. Swiss hosting solutions often offer higher protection under the Swiss Data Protection Act (DSG) and build trust with customers. If data needs to be transferred abroad, compliance with DSG requirements and, if applicable, the EU GDPR (with the appropriate transfer mechanisms) is mandatory. Forgoing these checks is an incalculable risk.

    To illustrate the complexity of implementation, it is worth looking at two fundamental approaches to strengthening supply chain security:

    | Characteristic | Internal Risk Management (In-house) | Partnership with a Specialized Service Provider |
    |---|---|---|
    | Cost Structure | High initial investments in personnel, tools, training. Ongoing costs for maintenance and updates. | Predictable monthly/annual fees. Lower initial investments in infrastructure. |
    | Expertise | Building and maintaining internal expert knowledge (cybersecurity, compliance). High effort, as specialists are scarce. | Access to specialized, up-to-date knowledge and best practices. Broad expertise across various industries. |
    | Scalability | Scaling requires new hires and further investments. Slow and inflexible. | Flexibly adaptable to growing or changing needs. Quick response to new threats. |
    | Liability & Responsibility | Full internal liability for security incidents. High pressure on internal teams. | Shared responsibility with clear contractual delimitations. Service provider often bears co-responsibility. |
    | Implementation Time | Long onboarding and implementation phases. | Faster implementation of proven solutions and processes. |
    | SME Focus | Distraction from core competencies by building IT security know-how. | Focus on core business while security is ensured by experts. |

    Regardless of the chosen approach, regular security audits and penetration tests are essential, not only for your own systems but also, where contractually possible, for those of your critical partners. Such tests uncover vulnerabilities before attackers can exploit them. Effective vulnerability management, based on continuous monitoring and rapid remediation, is invaluable.

    Do not forget the importance of backup and recovery solutions. In the event of an attack that encrypts your systems or deletes data, a current, secure, and tested backup is your last line of defense. Ensure your backups are stored offline or in isolated environments to protect them from ransomware attacks.
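    "Current, secure, and tested" is a claim that has to be verified, and the verification can be automated. The following script is an added example, not code from the original article: it builds a constructed sample data directory, writes a tar.gz backup together with a SHA-256 manifest, and then runs the three checks the paragraph calls for (the backup is recent, it has not been altered since it was written, and it actually restores with intact contents). The paths, the 24-hour age threshold and the manifest layout are assumptions of this example; the manifest itself belongs on a separate, write-protected location, which is what makes the integrity check meaningful against ransomware that can reach the backup files.

```python
"""Backup freshness, integrity and restore test.

Added example, not the article's code. Paths, the age threshold and the
manifest format are assumptions; the data set built in demo() is constructed.
"""
import hashlib
import json
import tarfile
import tempfile
import time
from pathlib import Path

MAX_AGE_SECONDS = 24 * 3600  # assumed policy: a backup older than a day is not "current"


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(source_dir, backup_dir, created=None):
    """Archive source_dir and record per-file and archive hashes in a manifest."""
    source_dir, backup_dir = Path(source_dir), Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    archive = backup_dir / "backup.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source_dir, arcname="data")
    manifest = {
        "archive": archive.name,
        "sha256": sha256_file(archive),
        "created": time.time() if created is None else created,
        "files": {
            p.relative_to(source_dir).as_posix(): sha256_file(p)
            for p in sorted(source_dir.rglob("*")) if p.is_file()
        },
    }
    (backup_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return archive


def _safe_members(tar):
    """Refuse archive entries that would escape the restore directory."""
    for m in tar.getmembers():
        if m.name.startswith("/") or ".." in Path(m.name).parts:
            raise ValueError(f"unsafe path in archive: {m.name}")
        yield m


def verify_backup(backup_dir, now=None, max_age=MAX_AGE_SECONDS):
    """Return {'fresh', 'integrity', 'restore', 'problems'} for the backup in backup_dir."""
    backup_dir = Path(backup_dir)
    manifest = json.loads((backup_dir / "manifest.json").read_text())
    archive = backup_dir / manifest["archive"]
    now = time.time() if now is None else now
    report = {"fresh": False, "integrity": False, "restore": False, "problems": []}

    if now - manifest["created"] <= max_age:
        report["fresh"] = True
    else:
        report["problems"].append("backup is older than the allowed age")

    if sha256_file(archive) == manifest["sha256"]:
        report["integrity"] = True
    else:
        report["problems"].append("archive hash does not match manifest")
        return report  # never attempt a restore from an archive that was altered

    # Test restore into a scratch directory and compare every file against the manifest.
    with tempfile.TemporaryDirectory() as tmp:
        with tarfile.open(archive, "r:gz") as tar:
            tar.extractall(tmp, members=list(_safe_members(tar)))
        restored = Path(tmp) / "data"
        mismatched = [
            rel for rel, digest in manifest["files"].items()
            if not (restored / rel).is_file() or sha256_file(restored / rel) != digest
        ]
    if mismatched:
        report["problems"].append(f"restore mismatch: {mismatched}")
    else:
        report["restore"] = True
    return report


def demo():
    """Run the checks on a constructed data set: a good backup, a stale one, a tampered one."""
    with tempfile.TemporaryDirectory() as root:
        src = Path(root) / "src"
        (src / "orders").mkdir(parents=True)
        (src / "orders" / "2026-04.csv").write_text("id,amount\n1,42.50\n")  # constructed data
        (src / "customers.json").write_text('{"ok": true}\n')               # constructed data
        bdir = Path(root) / "backup"
        archive = create_backup(src, bdir, created=1_000_000)
        good = verify_backup(bdir, now=1_000_000 + 3600)
        stale = verify_backup(bdir, now=1_000_000 + 2 * MAX_AGE_SECONDS)
        with open(archive, "ab") as f:  # simulate the archive being altered after the manifest was written
            f.write(b"\x00")
        tampered = verify_backup(bdir, now=1_000_000 + 3600)
    return {"good": good, "stale": stale, "tampered": tampered}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

    The restore step is the one most SMEs skip: an archive that hashes correctly but contains the wrong files, or that cannot be unpacked, is not a backup. Scheduling this check after every backup run, with the report going to whoever owns incident response, turns the "last line of defense" into something that is known to work before it is needed.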

    ✅ Tip: Effective Supplier Assessment in 3 Steps

    1. Classification: Assess your suppliers based on the degree of dependency and the risk they pose to your business (e.g., access to sensitive data, critical services).
    2. Due Diligence: Request security certifications (ISO 27001), audit reports, and evidence of incident response plans. Conduct your own security questionnaires.
    3. Contractual Security: Include clear security clauses, liability regulations, and the right to audits in your contracts. Without these safeguards, your efforts are only half as effective.

    💡 Practical Example: The Proactive Strategy of "Alpenblume AG"

    "Alpenblume AG," a medium-sized Swiss manufacturer of precision components, recognized the risks in its digital supply chain early on. Instead of waiting for an incident, CEO Ms. Meier conducted a comprehensive AI Readiness Assessment. This revealed that an external software provider responsible for CAD data management had significant vulnerabilities. Alpenblume AG not only demanded a swift remediation of the deficiencies but also integrated AI-based monitoring tools trained through targeted prompt engineering to detect data exfiltration. When a phishing attack occurred on the software provider, Alpenblume AG's systems raised an early alarm before critical data could be compromised. Through this proactive stance and the use of smart technologies, a potential multi-million franc loss was averted, and the production chain remained stable.

    I, Lukas Huber, with my IPSO certification in AI Business, can confirm that such a comprehensive approach, integrating strategic analysis (PESTEL, SWOT, Porter), technical expertise (MLOps, Python scripts for data analysis), and organizational measures, is the only viable path. Relying solely on individual technical solutions overlooks the bigger picture. It's about a continuous improvement process and the ability to adapt to an ever-changing threat landscape.

    The digital supply chain is both a blessing and a curse for Swiss SMEs. It enables efficiency and innovation but also harbors significant, often underestimated risks. The IT Security Day Mainz makes it clear that the threats are real and complex. The paradoxical decline in the sense of security coupled with decreasing investments in Switzerland is a wake-up call. It's time to act proactively and view IT security not as a cost factor, but as a strategic investment in the company's future.

    Your digital supply chain is a reflection of your resilience. Invest now in a robust strategy and the right measures to protect your SME sustainably.

    Strategic analysis is the starting point: Understand your risks through sound assessments and frameworks like PESTEL and Porter's Five Forces.

    A holistic approach counts: Combine technical security measures with employee awareness, clear processes, and contractual safeguards.

    Continuous vigilance is essential: IT security is a marathon, not a sprint. Regular review, adaptation, and the use of smart technologies ensure your long-term success.

    Would you like to assess the security of your digital supply chains soundly and implement targeted measures? Contact us for a no-obligation initial consultation.
