Published on 6 July 2026
Phishing Simulation for Businesses: What Swiss SMEs Need to Know
Why SMEs are a popular target
Many small and medium-sized businesses assume they're not interesting to cybercriminals. The opposite is true: SMEs often hold valuable data and payment flows but invest, on average, far less in IT security than large corporations – a mismatch that gets deliberately exploited. According to recurring reports from the NCSC (National Cyber Security Centre) and cantonal police, phishing has been among the most commonly reported cyber incidents in Switzerland for years.
Why classic training alone often isn't enough
A one-off security briefing or a PDF handout conveys knowledge – but knowledge isn't the same as behavior under real pressure. The moment someone clicks a phishing link almost never happens in a calm setting – it happens between two meetings, with thirty unread emails in the inbox. Realistic simulations close exactly this gap, because they train behavior in a controlled but everyday-like situation.
How a simulation typically works
Employees receive simulated phishing messages through the same channels real attacks use – email, SMS, and increasingly WhatsApp. Instead of punishment for a wrong click, there's immediate, constructive feedback: which warning sign was missed, what to look out for. Managers get an aggregated overview of the team's progress without singling out individual employees.
Legal framework in Switzerland
When using phishing simulations, the requirements of the revised Data Protection Act (revDSG) must be observed – in particular transparency towards employees and how test results are stored and evaluated. Aggregated, non-personal evaluations at team or department level are far less sensitive than individual employee assessments – one reason why many providers, including us, deliberately limit themselves to aggregated reports for management.
What company size makes it worthwhile
Contrary to popular belief, phishing simulation isn't a big-corporation topic. Even very small businesses with just a few employees are exposed to a single successful attack just as much as a large corporation – often with far less financial buffer to absorb an incident. Modern solutions are scaled accordingly, making them affordable per person and month even for a 5- or 10-person team.
The first step
The easiest way to get a feel for it is a free, no-obligation trial run: you experience the simulation from an employee's perspective, with no registration required.
Test your team today
Try the free demo access yourself or register your company directly.