Organisations typically seek our support when preparing for FINMA reviews or regulatory audits, strengthening operational resilience frameworks, assessing third-party and supply-chain cyber risks or improving cybersecurity governance and IT risk management controls. We also support clients preparing for certification or compliance assessments and addressing data protection and operational risk requirements.
Our services cover Cyber & Technology Risk, Third-Party & Supply Chain Management, Regulatory & Compliance Management, Data, Privacy & AI Risk, Operational Resilience & Continuity and Cyber Strategy & Readiness. Our approach combines risk-based advisory, regulatory understanding and practical implementation support to help organisations strengthen resilience, improve control environments and support long-term operational stability.
We support organisations ranging from SMEs to large international groups operating in regulated and technology-driven environments. Our clients include organisations in banking, insurance, asset management, healthcare, manufacturing, automotive and technology-related sectors facing evolving cyber threats, complex IT landscapes, third-party dependencies and increasing regulatory and operational risk requirements.
Forvis Mazars in Switzerland supports organisations in strengthening operational resilience, business continuity and crisis preparedness in increasingly complex and regulated environments. Through our consulting and advisory services, we help clients assess operational resilience risks, improve continuity planning, strengthen incident and crisis management capabilities and address regulatory expectations,...
Explore more
FAQ about cybersecurity, IT risk and operational resilience services |
|---|
What is operational resilience and why is it important?Operational resilience refers to an organisation’s ability to prevent, respond to and recover from disruptions affecting critical operations, systems or services. Increasing regulatory expectations and evolving cyber threats have made operational resilience a key priority across regulated and technology-dependent sectors. |
How do third-party and supply-chain cyber risks affect organisations?Organisations increasingly rely on external providers, digital platforms and interconnected supply chains. Weaknesses in third-party governance or supplier security can increase operational, cybersecurity and regulatory risks, particularly in complex or regulated environments. |
Which cybersecurity standards, frameworks and assurance reporting approaches are commonly used?Our cybersecurity audits, advisory and assurance services are aligned with relevant regulatory requirements and established standards such as NIST, COBIT, FINMA guidelines, CIS Controls and ISO standards. Depending on the organisation’s risk profile, regulatory obligations, stakeholder expectations and maturity level, these frameworks can also be used as a basis for structured assurance reporting. For organisations that need to provide recurring evidence to clients, regulators, insurers or other external stakeholders, we support the development and execution of assurance reporting approaches such as ISAE 3000, SOC 1 or SOC 2. These reports help translate existing cybersecurity and ICT controls into a consistent, independently assessed and externally usable format. Our approach is proportionate and risk-based: we assess which frameworks and reporting formats are most suitable, define the appropriate scope and evaluate the readiness of controls and evidence before moving into formal assurance reporting. |
How does Forvis Mazars in Switzerland approach cyber risk and resilience projects?Our cyber risk and resilience engagements are tailored to the client’s operating model, regulatory environment and maturity level. Depending on the mandate, our support can range from targeted assessments and roadmap development to longer-term operational support for CISO, CRO, risk, compliance and resilience teams. We often work with clients as an extension of their internal teams, providing specialist capacity, subject-matter expertise and structured delivery support across cybersecurity, ICT risk, operational resilience and governance topics. In addition, we support clients through periodic assurance arrangements over multiple years, helping them demonstrate the design and operating effectiveness of key controls to internal and external stakeholders. |
What types of organisations typically require cyber risk and resilience support?Cyber risk and resilience services are commonly used by organisations operating in regulated, technology-driven or operationally complex environments, including financial services, healthcare, manufacturing, industrial and technology-related sectors. |
What differentiates Forvis Mazars in Switzerland’s cyber services approach?Our approach combines technical expertise gained through audit and regulatory environments with pragmatic and risk-based implementation support. We focus on solutions that are aligned with the organisation’s operational context, regulatory obligations and business priorities. |
The insurance industry occupies a unique position in the cyber security landscape, with access to sensitive policyholder data, responsibility for high-value claims and tight regulatory timelines, insurers face immense pressure to restore operations quickly following an attack.
The Cybersecurity Team is part of the Consulting division and is one of the fastest-growing teams at Forvis Mazars in Switzerland. Its service portfolio covers all aspects of cyber risk management and the establishment of operational resilience.
This website uses cookies.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
For more information on the cookies we use, please refer to our Privacy Policy.
This website cannot function properly without these cookies.
Analytical cookies help us enhance our website by collecting information on its usage.
We use marketing cookies to increase the relevancy of our advertising campaigns.