Cyber risk, operational resilience and regulatory compliance services

Forvis Mazars in Switzerland supports organisations in strengthening cybersecurity, managing data protection and improving operational resilience in increasingly complex and regulated environments. Through our consulting and assurance services, we help clients assess cyber risks, strengthen governance frameworks and address regulatory expectations, including FINMA requirements and beyond.

How we support organisations with cyber risk and operational resilience

Organisations typically seek our support when preparing for FINMA reviews or regulatory audits, strengthening operational resilience frameworks, assessing third-party and supply-chain cyber risks or improving cybersecurity governance and IT risk management controls. We also support clients preparing for certification or compliance assessments and addressing data protection and operational risk requirements.

Our services cover Cyber & Technology Risk, Third-Party & Supply Chain Management, Regulatory & Compliance Management, Data, Privacy & AI Risk, Operational Resilience & Continuity and Cyber Strategy & Readiness. Our approach combines risk-based advisory, regulatory understanding and practical implementation support to help organisations strengthen resilience, improve control environments and support long-term operational stability.

We support organisations ranging from SMEs to large international groups operating in regulated and technology-driven environments. Our clients include organisations in banking, insurance, asset management, healthcare, manufacturing, automotive and technology-related sectors facing evolving cyber threats, complex IT landscapes, third-party dependencies and increasing regulatory and operational risk requirements.


Cyber Security in MedTech | Event registration opens Q4 2026

As cybersecurity threats, regulatory expectations and digital dependencies continue to evolve, MedTech organisations face increasing pressure to strengthen the security and resilience of their systems, data and operations. This event will explore key cybersecurity challenges affecting the MedTech sector, including cyber risk management, operational resilience, regulatory expectations, data protection and third-party risk considerations. It will also provide an opportunity to discuss how organisations can strengthen governance frameworks, improve preparedness and navigate increasingly complex technological and regulatory environments.

FAQ about cybersecurity, IT risk and operational resilience services

What is operational resilience and why is it important?

Operational resilience refers to an organisation’s ability to prevent, respond to and recover from disruptions affecting critical operations, systems or services. Increasing regulatory expectations and evolving cyber threats have made operational resilience a key priority across regulated and technology-dependent sectors.

How do third-party and supply-chain cyber risks affect organisations?

Organisations increasingly rely on external providers, digital platforms and interconnected supply chains. Weaknesses in third-party governance or supplier security can increase operational, cybersecurity and regulatory risks, particularly in complex or regulated environments.

Which cybersecurity standards, frameworks and assurance reporting approaches are commonly used? 

Our cybersecurity audits, advisory and assurance services are aligned with relevant regulatory requirements and established standards such as NIST, COBIT, FINMA guidelines, CIS Controls and ISO standards. Depending on the organisation’s risk profile, regulatory obligations, stakeholder expectations and maturity level, these frameworks can also be used as a basis for structured assurance reporting.

For organisations that need to provide recurring evidence to clients, regulators, insurers or other external stakeholders, we support the development and execution of assurance reporting approaches such as ISAE 3000, SOC 1 or SOC 2. These reports help translate existing cybersecurity and ICT controls into a consistent, independently assessed and externally usable format. Our approach is proportionate and risk-based: we assess which frameworks and reporting formats are most suitable, define the appropriate scope and evaluate the readiness of controls and evidence before moving into formal assurance reporting.

How does Forvis Mazars in Switzerland approach cyber risk and resilience projects?

Our cyber risk and resilience engagements are tailored to the client’s operating model, regulatory environment and maturity level. Depending on the mandate, our support can range from targeted assessments and roadmap development to longer-term operational support for CISO, CRO, risk, compliance and resilience teams. We often work with clients as an extension of their internal teams, providing specialist capacity, subject-matter expertise and structured delivery support across cybersecurity, ICT risk, operational resilience and governance topics. In addition, we support clients through periodic assurance arrangements over multiple years, helping them demonstrate the design and operating effectiveness of key controls to internal and external stakeholders.

What types of organisations typically require cyber risk and resilience support?

Cyber risk and resilience services are commonly used by organisations operating in regulated, technology-driven or operationally complex environments, including financial services, healthcare, manufacturing, industrial and technology-related sectors.

What differentiates Forvis Mazars in Switzerland’s cyber services approach?

Our approach combines technical expertise gained through audit and regulatory environments with pragmatic and risk-based implementation support. We focus on solutions that are aligned with the organisation’s operational context, regulatory obligations and business priorities.


Our cyber security team

The Cybersecurity Team is part of the Consulting division and is one of the fastest-growing teams at Forvis Mazars in Switzerland. Its service portfolio covers all aspects of cyber risk management and the establishment of operational resilience.

Operational resilience and business continuity services

Forvis Mazars in Switzerland supports organisations in strengthening operational resilience, business continuity and crisis preparedness in increasingly complex and regulated environments. Through our consulting and advisory services, we help clients assess operational resilience risks, improve continuity planning, strengthen incident and crisis management capabilities and address regulatory expectations, including FINMA-related operational resilience requirements.
