The malware ‘Wannacry’ infected over 200,000 computers in some 150 countries in May 2017. It crippled the UK healthcare system. | Image: Wikipedia/thegear.co.kr/14501

Cyberattacks can cripple entire computer systems and are making life difficult today for both companies and institutions. As a result, many of them are hiring private Computer Security Incident Response Teams (CSIRTs). These teams can either help to prevent attacks or, at least, restore data and infrastructure that have been hit by one. “In Switzerland, there are gaps in the laws and regulations that determine how these teams may work”, says Pauline Meyer, a lawyer at the University of Lausanne. “Legislation is lagging behind developments”. This means that organisations might be lulled into a false sense of security when they bring in such a team. But researchers are now working on solutions. For Meyer, one possible way forward would be “a uniform certification for these teams that would oblige them to comply with certain standards”.

Pauline Meyer & Sylvain Métille: Computer security incident response teams: are they legally regulated? The Swiss example. International Cybersecurity Law Review (2022)