Digitalisation in the German-speaking region is progressing slowly, and the security architecture of many companies is lagging behind. SMEs in Germany, Austria, and Switzerland often find themselves flying blind in the face of cyber threats. The platform cybersecurity-schweiz is now fundamentally changing this. With the introduction of a free IT baseline protection check based on expert knowledge, professional risk management is becoming accessible to everyone for the first time, and closes the gap between automated analysis and personal consulting.
It is a paradox of the modern economy: while small and medium-sized enterprises (SMEs) form the backbone of the economy in the DACH region, they are often the weakest link in the digital supply chain. The threat landscape has changed dramatically in recent years. Where “script kiddies” once randomly defaced websites, highly professional cartels now operate ransomware-as-a-service (RaaS).
For IT managers and executives, the situation is confusing. The question is usually no longer whether an attack will occur, but when. Yet to protect yourself, you need to know your own status quo. This is exactly where many companies fail. Professional security audits often cost four- to five-figure sums and tie up internal resources for days. The result is a dangerous “ostrich strategy”: hoping it will not hit you.
With the launch of the new IT baseline protection tool on cybersecurity-schweiz, this situation comes to an end. From now on, the platform offers a way to determine the security level of your own IT infrastructure in a valid, fast, and, above all, free manner.
The Paradigm Shift: Security as a Public Good
The approach of cybersecurity-schweiz is disruptive. Market-standard tools are often “lead magnets” that deliver only superficial results and then immediately charge for real analysis. The new IT baseline protection check takes a different path. It is one of the first features to offer a deep, methodologically sound analysis completely free of charge.
The goal is clear: the barrier to getting started in IT security should be lowered so far that no company in the DACH region has an excuse not to know its risks. It is about democratising expert knowledge.
Swiss Precision for the Entire DACH Region
The check is based on the IKT-Minimalstandard issued by the Swiss Federal Office. Originally developed for critical infrastructure and security of supply in Switzerland, this framework has established itself as a “gold standard” for pragmatic security.
Why is this relevant for companies in Germany or Austria? Cybercrime knows no national borders, and defence mechanisms are universal. The IKT-Minimalstandard stands out by focusing on what matters most. It does not get lost in academic theory, but demands concrete, effective measures. By using these strict Swiss requirements as a benchmark, companies across the entire German-speaking region receive an assessment that often goes beyond local minimum requirements. Anyone who passes this check is well-positioned, regardless of whether the company is based in Zurich, Munich, or Vienna.
Methodological Depth: The Five Dimensions of Security
To ensure real informative value, the tool does not simply mirror a checklist, but follows the logic of the NIST Cybersecurity Framework. This internationally recognised model divides cyber defence into five functional areas. The IT baseline protection check assesses each of these areas in detail:
- Identify (Identify)
Security begins with knowledge. Many companies do not know exactly which devices are in their network or which data counts as “crown-jewel relevant”. The check asks whether an asset inventory exists and whether risks to business processes have been classified. Only what you know can you protect.
- Protect (Protect)
This is the classic moat. Here, the tool evaluates the hard facts:
Is multi-factor authentication (MFA) used consistently?
Is there strict patch management that closes security vulnerabilities promptly?
How are access permissions managed?
Are employees sensitised through training?
- Detect (Detect)
Prevention is important, but never 100%. If an attacker breaches the protective wall, it must be noticed. The [Link: Fragenkatalog] analyses whether logging mechanisms are active and whether these logs are also evaluated. An attack that is only detected after six months (the industry average) is often fatal.
- Respond (Respond)
When the system raises the alarm: who does what? The existence and currency of emergency plans are put to the test here. An incident response plan must not be a dusty document in a drawer; it must represent a lived end-to-end process chain.
- Recover (Recover)
The last line of defence. If ransomware encrypts all data, how quickly can the company operate again? The tool puts the backup strategy through its paces – for example, whether backups are “immutable” (unchangeable) and stored separately from the network.
The Decisive Difference: The Human Factor
Up to this point, one could argue that other software solutions ask similar questions. But cybersecurity-schweiz offers a decisive, unique selling proposition (USP) that is rare in the industry: the availability of real people. The responsible developer, Guido Marsch, supports companies together with his team and artificial intelligence workflows (AI workflows).
An automated report that certifies a company a “score of 65%” often raises more questions than it answers.
“Is that good or catastrophic?”
“Why is my backup strategy rated only as average?”
“Which measure should I implement first?”
This is where the platform’s hybrid model comes into play. Users are not left on their own after the evaluation. Auditors and certified IT security experts are available to clarify follow-up questions.
This service turns the IT baseline protection check from a pure analysis tool into a consulting instrument. It enables SMEs to place the results in the context of their specific industry and company size. Experts can help prioritise the identified gaps – because not every risk must be solved immediately with expensive hardware. Often organisational adjustments are enough, cost little, and achieve a lot.
Why “Free” Is a Strategic Advantage
Critics may ask: “If the tool is that good, why does it cost nothing?” The answer lies in the mission of cybersecurity-schweiz. The security of the digital economy is an ecosystem problem. An insecure SME can be the entry point for attacks on larger partner companies (supply chain attacks).
By removing the financial barrier to diagnosis, the overall level is raised. Companies should not have to spend their budget on identifying the problem, but on solving it. The free audit is therefore a trust-building measure. It shows that cybersecurity-schweiz is not interested in quickly selling licences, but in sustainable resilience.
The option to consult experts afterwards creates a win-win situation: companies gain orientation, and the platform establishes itself as a serious partner for those who need deeper support.
The Process: Clarity in a Few Minutes
Using the tool is deliberately designed to be low-threshold. There is no need for a lengthy installation of software agents. The check is web-based and guides users intuitively through the set of questions.
Start: Visit the cybersecurity-schweiz website.
Analysis: Answer the questions across the five NIST areas.
Result: Immediate calculation of the overall score and visual presentation of strengths and weaknesses.
Action: Use the evaluation as a basis for internal risk management or contact the experts for a detailed analysis.
An Essential Step for Executives
At a time when cyber insurers are drastically increasing their requirements and legislators (see new EU directives such as NIS-2, which also affect Swiss suppliers) are setting stricter standards, ignorance is a liability risk.
The IT baseline protection check from cybersecurity-schweiz is the ideal tool to address this risk. It offers companies in the DACH region a free, professional, and supported way to determine their maturity level. It is more than a checklist – it is the entry point to a secure digital future, accompanied by experts who know what matters.
Take the first step now and check your security level at Link.