What is operational resilience and why is it important?
Operational resilience refers to an organisation’s ability to prevent, respond to and recover from disruptions affecting critical operations, systems or services. Increasing regulatory expectations and evolving cyber threats have made operational resilience a key priority across regulated and technology-dependent sectors.
How do third-party and supply-chain cyber risks affect organisations?
Organisations increasingly rely on external providers, digital platforms and interconnected supply chains. Weaknesses in third-party governance or supplier security can increase operational, cybersecurity and regulatory risks, particularly in complex or regulated environments.
Which cybersecurity standards, frameworks and assurance reporting approaches are commonly used?
Our cybersecurity audits, advisory and assurance services are aligned with relevant regulatory requirements and established standards such as NIST, COBIT, FINMA guidelines, CIS Controls and ISO standards. Depending on the organisation’s risk profile, regulatory obligations, stakeholder expectations and maturity level, these frameworks can also be used as a basis for structured assurance reporting.
For organisations that need to provide recurring evidence to clients, regulators, insurers or other external stakeholders, we support the development and execution of assurance reporting approaches such as ISAE 3000, SOC 1 or SOC 2. These reports help translate existing cybersecurity and ICT controls into a consistent, independently assessed and externally usable format. Our approach is proportionate and risk-based: we assess which frameworks and reporting formats are most suitable, define the appropriate scope and evaluate the readiness of controls and evidence before moving into formal assurance reporting.
How does Forvis Mazars in Switzerland approach cyber risk and resilience projects?
Our cyber risk and resilience engagements are tailored to the client’s operating model, regulatory environment and maturity level. Depending on the mandate, our support can range from targeted assessments and roadmap development to longer-term operational support for CISO, CRO, risk, compliance and resilience teams. We often work with clients as an extension of their internal teams, providing specialist capacity, subject-matter expertise and structured delivery support across cybersecurity, ICT risk, operational resilience and governance topics. In addition, we support clients through periodic assurance arrangements over multiple years, helping them demonstrate the design and operating effectiveness of key controls to internal and external stakeholders.
What types of organisations typically require cyber risk and resilience support?
Cyber risk and resilience services are commonly used by organisations operating in regulated, technology-driven or operationally complex environments, including financial services, healthcare, manufacturing, industrial and technology-related sectors.
What differentiates Forvis Mazars in Switzerland’s cyber services approach?
Our approach combines technical expertise gained through audit and regulatory environments with pragmatic and risk-based implementation support. We focus on solutions that are aligned with the organisation’s operational context, regulatory obligations and business priorities.
Publications
Our cyber security team
The Cybersecurity Team is part of the Consulting division and is one of the fastest-growing teams at Forvis Mazars in Switzerland. Its service portfolio covers all aspects of cyber risk management and the establishment of operational resilience.
This website uses cookies.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
For more information on the cookies we use, please refer to our Privacy Policy.
This website cannot function properly without these cookies.
Analytical cookies help us enhance our website by collecting information on its usage.
We use marketing cookies to increase the relevancy of our advertising campaigns.