Heightened tensions – driven in part by AI
By the end of the year, 222 mandatory reports of cyberattacks on critical infrastructure had been submitted — roughly one per day. Mandatory reporting has been in force since 1 April 2025. Since October 2025, organisations that fail to report incidents have faced the risk of a fine.
The Federal Council now wants to strengthen the resilience of critical infrastructure against disruptions of all kinds through new legislation. One piece of the wider security puzzle is the new electronic identity, the E-ID. Its launch has now also been postponed to 1 December 2026 due to security concerns, including those raised by the Swiss Federal Audit Office.
More AI, more exposure
Last year, BACS received 64,733 voluntary reports from businesses and members of the public — around 2,000 more than in 2024. Most of these involved fraud, spoofed emails and highly convincing scam phone calls. Criminals are increasingly using artificial intelligence (AI) to make these attacks more effective.
Reports of malware-infected devices more than doubled year on year, reaching 2,347,618 cases. That should come as no surprise: according to a forecast by the non-profit security organisation FIRST (Forum of Incident Response and Security Teams), the number of reported vulnerabilities is expected to exceed 50,000 during 2026. The median forecast points to 59,000 published vulnerabilities by year-end. According to the analysis, the realistic range could in fact be between 70,000 and 100,000 vulnerabilities..
Threat trends
Almost 83 per cent of all analysed phishing emails contain AI-generated elements. That is the finding of an analysis by cybersecurity platform KnowBe4. It also found that 76 per cent of all phishing campaigns are polymorphic in nature. In practice, this means AI generates countless variations of the same email to evade security filters that rely on pattern recognition.
AI is also being used in direct attacks on smartphones. Researchers at ESET say they have identified Android malware capable of establishing itself more effectively across fragmented device environments with the help of AI. The malware, known as “PromptSpy”, uses Google Gemini to adapt itself to a wide range of devices, user interfaces and operating system versions.
Concern is growing. Gartner predicts that, by 2028, a misconfigured AI system will cause an outage in the critical national infrastructure of a G20 country. According to the report, such systems could autonomously shut down services or misinterpret sensor data. A “kill switch”, it argues, will be essential.
There is one encouraging development: according to Chainalysis, ransom demands in ransomware attacks are getting smaller, even though the number of reported attacks is rising sharply worldwide. Total on-chain ransomware payments fell by around 8% in 2025 to USD 820 million, despite a 50% increase in reported incidents. At the same time, however, the average payment rose to USD 60,000.
According to the report, around 85 ransomware groups are currently active. At the same time, attacks on small and medium-sized businesses are increasing, as these organisations tend to pay more quickly than large enterprises. CyberEdge Group reports that 41 per cent of ransomware victims paid in 2024. Yet only around half of those who paid were able to recover their data. That shows clearly why cybercrime is shifting its focus towards new targets.
This is precisely why b.secure with Baggenstos matters. SMEs often lack the internal resources needed to deal with today’s cyber threat landscape effectively. With the right partner at their side, they gain continuous oversight of their infrastructure from a security perspective and support across the full spectrum — from data protection to cloud network security.
Related Links