
KIDANVerse

KIDANVerse
End-to-end security operations monitoring.
Expert guidance for strategic technology decisions.
Enterprise services supporting critical IT infrastructure.
Seamless enterprise technology solution deployment.
Empower teams with expert-led technology programs.
Gain complete visibility into your technology infrastructur
Tailored IT solutions for operational excellence.
Expert on-demand consultation for technology procurement
Dedicated IT support for seamless operations.
Anything else ? please
contact us
Reach out to KIDAN for inquiries and support.
24/7 global technology operations center.
Expert guidance for strategic technology
decisions.
Learn more about KIDAN’s vision, values, and expertise.
Proactive security operations to
protect data asset
Intelligent operations control for
agile IT systems
Ensuring smooth network operations
and uptime 24/7
Anything else ? please
contact us
Expert guidance for strategic technology
decisions.
Learn more about KIDAN’s vision, values, and expertise.
Strategic Vendor Partners
Technical Managed Solutions
Enterprise clients across industry sectors
IBM’s 2024 Cost of a Data Breach Report measured the average breach lifecycle at 287 days 197 to identify, 90 to contain. Every day without detection compounds the financial and operational damage.
This figure includes detection and escalation, notification, post-breach response, and lost business IBM's highest recorded average in the study's 19-year history. For an SME, a serious breach can exceed an entire annual IT budget. Prevention, detection, and response investment consistently delivers positive ROI even when no breach occurs, because the longer a breach goes undetected, the more it costs.
Swiss businesses face a concentrated threat landscape dominated by ransomware, phishing/BEC, supply chain compromise, and credential attacks. SMEs in manufacturing, healthcare, and financial services are the primary targets — because they hold valuable data, rely on uptime, and historically underinvest in defences.
Switzerland’s position as a global financial centre and precision manufacturing hub makes it a high-value target. The Swiss National Cyber Security Centre (NCSC) received roughly 49,000 reports in 2023, up from around 34,500 in 2022 an increase of approximately 43%. These are reports submitted by the public and organisations, including scams and fraud attempts, not confirmed breaches but the trend in reported cyber activity against Switzerland is unambiguous.
The threat landscape for Swiss organisations is not abstract. It is specific, and it is weighted toward the sectors KIDAN serves. Understanding how breaches occur and where defensive effort delivers the most value is the foundation of a proportionate security programme.


Effective cybersecurity is not about buying every tool – it is about understanding which assets matter most, what threats are most likely, and where your current controls leave gaps. A risk-based approach allocates limited budget to the controls that reduce your actual exposure, not theoretical worst-case scenarios.
The fundamental equation of cyber risk is: Risk = Threat × Vulnerability × Asset Value. An expensive control that protects a non-critical asset from an unlikely threat is a poor investment. A basic control that protects a business-critical system from a highly probable attack vector is essential. Most SMEs fail here — they invest in perimeter security while leaving identity management and endpoint visibility underfunded.

A modern cybersecurity programme is not a single tool it is a layered architecture where each control reinforces the others. If an attacker bypasses Layer 1 (endpoint), Layer 2 (network) should contain them. If Layer 2 fails, Layer 3 (identity) should block lateral movement. Defence-in-depth means no single point of failure.
The following six layers represent the minimum viable architecture for a Swiss business handling sensitive or business-critical data. The order matters: each layer addresses a distinct attack surface, and together they create a system that is substantially harder to compromise than any individual tool can achieve.
EDR/XDR on every device. Blocks known malware, detects unknown threats through behavioural analysis, enables remote isolation. SentinelOne XDR is KIDAN's recommendation for Swiss enterprises.
Firewall, DNS filtering, network segmentation, and traffic inspection. Prevents lateral movement inside the network and blocks command-and-control communications.
MFA everywhere, privileged access management (PAM), zero-trust principles. Credential theft is the top attack vector - IAM is the highest-leverage control. ManageEngine PAM360 for privileged accounts.
Log aggregation, anomaly detection, and alerting across all layers. Reduces mean time to detect (MTTD) from months to minutes. ManageEngine Log360 with MITRE ATT&CK mapping.
Encryption at rest and in transit, data loss prevention, backup integrity verification. Ensures that even if all other layers fail, data cannot be exfiltrated or permanently destroyed.
The human firewall. Phishing simulations, role-based training, and incident reporting culture. 82% of breaches involve human action this layer addresses the attack surface no tool can fully close.
Cyber risk prioritisation matrix for Swiss SMEs. Likelihood and impact are illustrative, based on common Swiss SME risk patterns – adapt to your specific asset inventory and threat model.
Traditional cybersecurity drew a hard boundary around the corporate network everything inside was trusted, everything outside was not. That model is obsolete. Remote work, cloud adoption, and SaaS proliferation have dissolved the perimeter entirely. Today, identity is the primary control plane. If an attacker obtains valid credentials for a privileged account, no amount of firewall investment will stop them. This is why Privileged Access Management (PAM) specifically controlling, monitoring, and auditing what privileged users can do is among the highest-leverage investments a security programme can make, given that credential abuse is a leading attack vector.
Swiss businesses are bound by the nFADP (SR 235.1), which requires proportionate technical and organisational security measures for all personal data. FINMA-regulated entities face additional binding cybersecurity circulars with specific requirements around incident reporting, access management, and business continuity. ISO 27001 is increasingly contractually required by enterprise customers and supply chain partners.
The revised Federal Act on Data Protection (nFADP / nDSG), in force since 1 September 2023, fundamentally changed the compliance landscape for Swiss businesses. Unlike its predecessor, the new law carries sanctions of up to CHF 250,000 levied on the responsible individuals, not the company and requires demonstrable technical controls, not just a written policy. A controller must notify the FDPIC of a data security breach “as soon as possible” (Art. 24) where it is likely to cause a high risk to the personality or fundamental rights of those affected Swiss law sets no fixed numeric deadline for this. Simultaneously, GDPR continues to apply to any Swiss business processing data of EU residents, and GDPR does impose a fixed 72-hour notification deadline (Art. 33) so many Swiss organisations face dual obligations with different clocks.
Three frameworks govern cybersecurity obligations for Swiss businesses. Understanding which applies to you and how they interact determines your minimum compliance baseline.
Requires technical and organisational security measures proportionate to risk. Mandates notifying the FDPIC of a breach likely to cause high risk, and affected individuals where needed for their protection. Privacy-by-design is now a legal requirement, not a best practice.
Applies to any Swiss organisation processing personal data of EU residents. Requires a 72-hour notification to the lead supervisory authority (Art. 33) a stricter, fixed deadline that does not apply under Swiss law alone plus fines of up to 4% of global turnover.
FINMA Circular 2023/1 on Operational Risks requires licensed entities to implement specific ICT risk management frameworks and mandates board-level accountability. Under Art. 29(2) FINMASA and FINMA Guidance 05/2020, supervised institutions must submit an initial report of a material cyberattack within 24 hours of detection.
The international standard for information security management systems (ISMS). Increasingly required by enterprise customers as a supplier qualification criterion. Updated 2022 version added controls for threat intelligence, cloud security, and ICT supply chain security.
Frequently required or expected by US enterprise customers and cloud-service buyers, though it is a customer expectation rather than a legal mandate. Covers security, availability, processing integrity, confidentiality, and privacy via an annual independent audit.
Swiss health data is governed by the nFADP and the Federal Act on the Electronic Patient Record (EPRA/EPDG), plus cantonal law not by the EU's Health Data Space (EHDS), which is EU law and does not directly bind Swiss providers. EHDS may have indirect effects only for EU-facing operations.
The nFADP is deliberately technology-neutral it does not specify which tools to use, only that measures must be proportionate to the risk posed by your data processing activities. In practice, the FDPIC expects organisations to demonstrate:
only authorised persons can access personal data, with logging of who accessed what and when
personal data must be protected in transit and, where risk warrants it, at rest
a documented process for detecting, containing, and notifying the FDPIC "as soon as possible" when a breach poses high risk (Swiss law sets no fixed numeric deadline; this differs from the GDPR's 72-hour rule)
a register of processing activities (Verzeichnis der Bearbeitungstätigkeiten) is required for businesses above 250 employees or processing sensitive data
contractual guarantees that processors handle data in compliance with nFADP requirements
Zero Trust is a security architecture based on the principle “never trust, always verify.” Every access request regardless of whether it originates inside or outside the network is authenticated, authorised, and continuously validated. It is the most effective architecture for hybrid work environments and cloud-heavy organisations.
The Cybersecurity Maturity Model describes five levels of organisational capability from ad-hoc reactive responses to optimised, continuously improving programmes. In KIDAN’s experience, most Swiss SMEs operate at Level 1 or 2. Moving to Level 3 is widely considered to deliver the majority of achievable risk reduction and to satisfy the core expectations of nFADP and ISO 27001.
No formal programme. Reactive to incidents. No documented policies or controls. Highest breach probability.
Basic controls in place (antivirus, firewall, backup). Inconsistently applied. No security monitoring. MFA partial.
Documented policies, EDR deployed, MFA enforced, SIEM active, incident response plan tested. nFADP-ready.
Metrics-driven programme. PAM and Zero Trust implemented. Threat intelligence integrated. ISO 27001 achievable.
Continuous improvement. Threat hunting active. Red/blue team exercises. Automated response. Board-level visibility.
No formal programme. Reactive to incidents. No documented policies or controls. Highest breach probability.
Basic controls in place (antivirus, firewall, backup). Inconsistently applied. No security monitoring. MFA partial.
Documented policies, EDR deployed, MFA enforced, SIEM active, incident response plan tested. nFADP-ready.
Metrics-driven programme. PAM and Zero Trust implemented. Threat intelligence integrated. ISO 27001 achievable.
Continuous improvement. Threat hunting active. Red/blue team exercises. Automated response. Board-level visibility.
In KIDAN's own client assessments, most of the Swiss SMEs we review operate at Level 1 or 2 below what is typically needed for nFADP readiness. This is an internal observation from KIDAN's assessment work, not a representative national statistic. The most common gap: no formal incident detection capability (SIEM/EDR), and MFA not enforced on administrative accounts.
replace or supplement legacy antivirus with behavioural detection
especially email, VPN, admin consoles, and cloud services
centralise log collection and create detection rules for your top-priority threats
a documented process covering detection, containment, notification, and recovery
identify all accounts with administrative rights and apply least-privilege principles
Every organisation will eventually face a security incident. How fast it is detected and how well-prepared the response is largely determines the cost. A documented, tested incident response plan is not optional it is the most important document in your security programme.
KIDAN's security practice covers endpoint, identity, network, and compliance advisory for Swiss SMEs and enterprise clients. Switzerland's official ManageEngine Gold Partner and Zoho Premium Partner, headquartered in Allaman/Gland, Switzerland.
IBM Security. Cost of a Data Breach Report 2024. Global average cost USD 4.88M; average breach lifecycle 258 days (194 to identify, 64 to contain). IBM does not publish a Switzerland-specific figure.
Swiss National Cyber Security Centre (NCSC). Reporting figures for 2022 (~34,527) and 2023 (~49,379). These are reports submitted by the public and organisations, including scams and fraud, not confirmed breaches.
Verizon. 2024 Data Breach Investigations Report (DBIR). Human element ~68% of breaches; ransomware/extortion ~32%; stolen credentials ~31%; third-party/supply chain involvement ~15%; vulnerability exploitation as initial vector ~14% (roughly tripled year-on-year). Global figures; categories overlap.
Swiss Federal Council. Federal Act on Data Protection (nFADP/nDSG), SR 235.1, Art. 24. In force 1 September 2023. Breach notification to the FDPIC "as soon as possible" no fixed numeric deadline. Sanctions up to CHF 250,000, levied on responsible individuals. Full text via fedlex.admin.ch.
FINMA. Circular 2023/1 Operational Risks and Resilience Banks. Effective 1 January 2024. Separately, Art. 29(2) FINMASA and FINMA Guidance 05/2020 require an initial report of a material cyberattack within 24 hours of detection.
EU General Data Protection Regulation (GDPR). Art. 33 — 72-hour notification to the lead supervisory authority. Art. 83 fines of up to €20M or 4% of global turnover, whichever is higher.
Mandiant. M-Trends 2024. Global median attacker dwell time of approximately 10 days.
NIST. Cybersecurity Framework 2.0 (February 2024) and SP 800-207 (Zero Trust Architecture). framework.nist.gov.
CIS. CIS Controls v8. Center for Internet Security. 18 foundational controls across implementation groups 1–3. cisecurity.org.
ISO/IEC 27001:2022 Information Security Management Systems.
Federal Act on the Electronic Patient Record (EPRA/EPDG) governs Swiss health data alongside the nFADP. The EU's European Health Data Space (EHDS) is EU law and does not directly bind Swiss providers.

Your application is now under review. Our team will carefully evaluate your use case, commitment level, and strategic fit. If shortlisted, you will hear from us within 5 business days to schedule your Discovery Call.
Almost there – a few quick details first.