The survey pursued the same objectives as last year: To provide decision-makers with a navigation tool to understand the present, anticipate future turning points and compare their progress with that of their sector or the market.

Central results

This year's observation shows that the Swiss data and AI ecosystem is undergoing a profound transformation, with fewer pilot projects but more initiatives that have made the step to scale. 39% (28 percentage points less compared to the previous year) of organizations have moved beyond the exploration phase with identified use cases and pilot projects around generative AI. 52% (+8 percentage points) have introduced content generation assistants or modules "on a large scale".

This development goes hand in hand with a better strategic understanding:

• 62% (+25 percentage points) state that their teams have good to very good knowledge of AI concepts. The databases are also improving thanks to higher data quality and more data-oriented decision-making:
• 62% (+14 percentage points) rate their data quality as good to excellent, and 41% (+3 percentage points) see themselves as "data driven".

At the same time, expectations and potential around AI continue to rise: 74% of respondents (+5 percentage points) believe that AI can solve the company's main problems.

Nevertheless, many challenges remain and continue to hinder industrialization. For example, 70% (21 percentage points less than in the previous year) rate their ecosystem as being of low/medium maturity.

Cultural change as a hurdle

Beyond the technology, the introduction of AI initiatives requires a thoughtful approach, as Jean Meneveau, Managing Director of Colombus Consulting Switzerland, emphasizes: "AI is changing the timelines of strategies and projects at a breathtaking speed [...]. Companies are struggling to keep up with this pace. The question of method is central: it is important to launch very operational and pragmatic initiatives, but also to take a step back, choose the right technology partners [...] and stay the course, even if the roadmap can change significantly. Agility with a capital A."

Cultural change remains one of the most important hurdles to the comprehensive integration of AI. 70% of the still less committed organizations state that the main obstacle is not technical but human in nature. Ethics is also becoming an indispensable cornerstone: 70% of Swiss organizations state that they include ethical considerations in their decision-making processes on AI. However, the measures are only partially effective, according to another result of the study. This is because only 53% state that they at least occasionally take concrete measures to identify and reduce bias.

The use of AI in companies is concentrated in the areas of customer and product: 77% (-11 percentage points) of applications relate to customer-oriented areas (customer service, marketing, sales), and 75% (+8 percentage points) of applications relate to product and supply chain-related areas.

Continuous learning

Behind these findings are several lessons that remind us of the key conditions for success: Organizations that are not yet using AI show significantly less understanding of AI at the executive level, making executive education an immediate priority. Yvan CognasseSenior Director Enterprise Architects at Oracle EMEA in Geneva, recalls: "The real challenge is not what AI can do, but deciding what you want to do with it. This requires not only judgment and curiosity on the part of the decision-makers, but also commitment and the will to learn continuously. After all, they are the ones who have the responsibility to turn the promises of AI into tangible, useful, measurable and long-term beneficial effects."

Among organizations with poor data quality, 80% derive at least one tangible benefit from AI, proving that imperfect data should not hinder initiatives. The more mature an organization is, the higher its declared efficiency - underlining the importance of investing in internal capabilities. AI governance is being strengthened and now involves both business units, compliance departments and IT teams, with ethics committees increasingly validating use cases before going live.

Conclusion of the study: The initial "wow effect" must be transformed into rational use cases that are aligned with the business objectives. The initial euphoria should be transformed into a sustainable and secure introduction that creates value without succumbing to fads. There are no significant differences between industries in terms of AI's ability to solve complex problems - which shows that internal maturity and competencies are the real success factors.

Source: Colombus Consulting

The Kickstart open innovation program brings together 36 pioneering startups from 14 countries - including a quarter from Switzerland - working on groundbreaking technologies such as real-time deepfake detection, food systems of the future and biological age testing. Building on a ten-year track record that has seen alumni startups raise over 2.8 billion Swiss francs in capital by 2024, this year's cohort will rethink topics such as health, nutrition and technology in a profound, data-driven and consciously responsible way. Partnerships with major Swiss companies such as AXA, the City of Zurich, Coop, la Mobilière, MSD, PostFinance/VNTR, Swisscom and others make this possible.

"These are not just technical experiments. These are solutions that will shape Switzerland's competitive advantage in the coming decade," says Katka Letzing, CEO and co-founder of Kickstart Innovation. From sustainable materials and healthcare to AI-supported innovations, Switzerland offers the perfect stage for this: highly networked, quality-oriented and determined. The recently launched Swiss {ai} Weeks initiative, which Kickstart helped to initiate with its expertise, further strengthens this position.

Swiss start-ups drive global technology breakthroughs

A quarter of this year's cohort consists of Swiss start-ups. Many of them have emerged from university spin-offs and tech hubs. Switzerland is thus consolidating its role as a location for innovation and a springboard for global growth. International start-ups are also part of the program to gain a foothold in Switzerland - a testament to the country's global appeal as a dynamic ecosystem for innovation, collaboration and business growth. These include:

• Genknowme based in Lausanne, offers an epigenetic blood test that reveals biological age and stress-related changes and positions Switzerland at the forefront of global longevity medicine.
• ai based in Zurich, has developed a technology for the real-time detection of deepfakes in audio and video content - a crucial protection, as AI-generated misinformation threatens democratic processes and corporate communication worldwide.
• Meeco based in Australia, has developed a secure data exchange platform that enables individuals and organizations to access, control and share personal data and digital assets. This is done using a privacy-by-design approach and low-code tools.
• WeShop AI based in Hong Kong, offers a platform that uses AI to create product and model images for e-commerce. Users can generate appealing visuals from just one photo - without any time-consuming post-processing. The platform also enables the creation of videos from static images.
• city based in Vienna, offers an AI-supported platform that is revolutionizing environmental modelling in urban planning: Using microclimate simulations, it supports architects and urban planners in designing more sustainable and liveable cities.

Innovation in key industries

The Kickstart Innovation Program supports high-growth start-ups and scale-ups in five key areas: Health and wellbeing, finance and insurance (including cybersecurity), food and retail, new working environments and learning cultures, and smart city development concepts. These fields are among the most urgent and at the same time most promising social and economic challenges and promote effective cooperation between startups, leading Swiss corporations and public institutions.

In addition to working with startups, Kickstart also supports the internal transformation of leading organizations, for example through its academy and intrapreneurship programs, which support employees from brainstorming to founding their own ventures. In addition, Mission 2050 aligns its innovation programs with Switzerland's strategic goals in the areas of the circular economy, sustainability and social inclusion, thereby strengthening an ecosystem that is both future-proof and impact-oriented.

Further information: https://www.kickstart-innovation.com/

The study "The Future of Product Development - Product Lifecycle Management in Focus" reveals significant weaknesses in supply networks. The survey, commissioned by Aras, a provider of product lifecycle management and digital thread solutions, polled 656 executives from the US, Europe and Japan to find out how industrial companies are adapting their supply chains in the wake of digital transformation.

Inefficient tools in use

"Companies are keen to integrate their suppliers into digital processes. However, the reality is often different. Many still use inefficient tools that delay decisions and increase the susceptibility to errors in communication," says Jens Rollenmüller, Regional Vice President at Aras. According to the survey, 79 percent of companies share information about product design or technology with their suppliers, and 83 percent share compliance and sustainability data. However, the methods used give cause for concern: 52 percent rely on email and file sharing services, 49 percent on face-to-face meetings. Only 43 percent use digital collaboration platforms.

"Traditional methods of communication simply don't meet the demands of today's fast-paced business world," says industry expert Rollenmüller. "Companies need systems that enable the precise, seamless and secure exchange of information. Everyone involved must be able to rely on the data being up-to-date, correct and tamper-proof - and that no errors occur due to manual processing."

Digital collaboration as a competitive advantage

Nine out of ten respondents confirm that supply chain integration is central to their product lifecycle management and digital thread strategy. "An integrated supply chain not only reduces costs, but is also essential for business success in a world of increasing market volatility," explains Rollenmüller. Companies that break down data silos and share information in real time are better able to manage crises and meet customer needs in a more targeted manner. The early exchange of development data and strategic goals is becoming a decisive differentiator in highly competitive markets.

However, close integration also poses challenges: Companies must navigate the tension between strategic partnership and operational independence while coordinating heterogeneous IT landscapes and different corporate cultures. At the same time, the requirements for data protection and cyber security are becoming considerably more stringent as networking progresses.

PLM systems close the gap

To overcome these challenges and ensure security, Rollenmüller recommends the use of a PLM system (Product Lifecycle Management). Such a system manages product data centrally and offers network partners secure access to it. "PLM acts like an intelligent distribution node," explains Rollenmüller. "If a malfunction occurs, companies can react immediately with PLM because the data is structured and available at all times - and not buried in some email inbox." The practical benefits are obvious: "Every delay and every miscommunication in the supply chain causes direct costs in the form of production downtime, missed deadlines and angry customers. PLM gives companies the transparency they need and the tools to make quick, well-founded decisions."

"PLM creates trust in the supply network and fundamentally transforms the way companies work together," says Rollenmüller. "It eliminates time-consuming manual coordination, minimizes sources of error and strengthens operational resilience - a decisive competitive advantage in today's volatile markets.

Source: Aras

Phoenix Technologies AG, a leading provider of sovereign cloud and AI infrastructure in Switzerland, announced the availability of Apertus on its sovereign cloud. Developed by EPFL, ETH Zurich and the Swiss National Supercomputing Center (CSCS), Switzerland's first open and transparent Large Language Model (LLM) can now be deployed on Phoenix Technologies' high-performance infrastructure. This milestone strengthens Switzerland's digital autonomy and establishes the country's first end-to-end sovereign AI solution, according to the statement.

Data is completely subject to Swiss law

According to the company, for the first time, Swiss organizations in sensitive sectors such as finance, healthcare and government can use a state-of-the-art LLM without their data ever leaving Swiss jurisdiction. This approach directly addresses the critical innovation needs of organizations while mitigating the risks associated with foreign AI platforms. It provides a trusted pathway for companies looking to harness the power of generative AI while fully complying with Switzerland's strict data protection standards.

"This is a declaration of Switzerland's digital independence," said Thomas Taroni, Executive Chairman and Founder of Phoenix Technologies. "For too long, Swiss companies faced a difficult choice: either innovate with foreign AI and risk data sovereignty or fall behind. Today, this decision is outdated. By combining the Apertus model with our sovereign, high-performance infrastructure, we offer the definitive Swiss answer to AI. We are empowering entire industries to build the future on a foundation of trust, security and Swiss values."

Advanced safety functions

The technical basis of the solution combines fully open-source AI with Phoenix Technologies' enterprise-grade infrastructure. Apertus is available with up to 70 billion parameters and is characterized by its fully documented development process and multilingualism. This model runs on Phoenix's cloud platform powered by next-generation NVIDIA H100 and H200 enterprise-grade GPUs. The platform is equipped with advanced security features, including Confidential Computing, which protects data not only at rest and in transit, but also during processing, ensuring an unprecedented level of security for sensitive workloads.

Available immediately

The Apertus model can now be provided via the "AI Model as a Service" and "Sovereign LLM Serving" services from Phoenix Technologies. Interested companies can contact Phoenix Technologies for a consultation.

Source: www.phoenix-technologies.ch

The Holzbau Plus quality label focuses on people. The label certifies companies that actively cultivate an employee-oriented corporate culture that goes beyond the basic provisions of the Collective Labor Agreement for Timber Construction. The label promotes the sustainable development of companies and makes a significant contribution to competitiveness and job security. Certified companies can be recertified after three years. 

60 timber construction companies carry the Holzbau Plus label 

In 2025, four new companies were awarded the quality label. These include Jampen Holzbau AG from Hittnau (ZH), rebreg AG from Oey, Allenbach Holzbau und Solartechnik AG from Frutigen (both BE) and Holzbau Jäggi Dulliken AG from Dulliken (SO), see below.

16 companies that already carry the label underwent successful recertification and secured the label for a further three years. With the new additions, a total of 60 Swiss timber construction companies are now holders of the Holzbau Plus label.

"We are proud to recognize new companies with our award every year. Each individual certification is a significant success - both for the companies and for their customers as well as the entire timber construction industry," says Stefan Strausak, Managing Director of the Swiss Joint Professional Committee for Timber Construction (SPBH), which is responsible for awarding the label.

The four newly certified companies in 2025 

• Jampen Holzbau AG, Hittnau (ZH), jampen-holzbau.ch
• rebreg AG, Oey (BE), rebreg.ch
• Allenbach Holzbau und Solartechnik AG, Frutigen (BE), solarholzbauer.ch
• Holzbau Jäggi Dulliken AG, Dulliken (SO), holzbaujaeggi.ch

Source: www.holzbau-plus.ch

In 2013, Opacc Software AG, based in Rothenburg LU, was the first IT company in Switzerland to be awarded the "Friendly Workspace" quality label. The renewed award this year confirms the consistent commitment to systematic and practiced occupational health management. The current recertification focused on the framework conditions, continuity and strategic anchoring within the company.

Opacc once again received top marks in this year's recertification. The assessors from Health Promotion Switzerland, which awards the label, particularly emphasized the clear anchoring of BGM in the course of the year and in everyday working life. The active further development by the internal "Friendly Work Space" working group, the transparent internal communication, the large number of benefits and the targeted management training were also praised. 

Sabrina Cabiddu, responsible for OHM at Opacc, emphasizes: "If our employees are motivated and healthy, not only they benefit, but also our customers and our company". Cris Wouters, Managing Partner at Opacc, emphasizes the strategic benefits of the label: "We make targeted investments in a working environment that is not only efficient, but also sustainably healthy - for our employees, our corporate culture and our joint success."

Source: Opacc

Holistic communication solutions that combine voice, email, chat, video and collaboration are seen as the model of the future in strategy and marketing. In reality, however, most companies work with separate systems. IP telephony, whether in the cloud or locally, usually runs separately from email and collaboration tools, while chat platforms are rarely integrated. For many companies, the aspiration of a standardized platform remains a goal, not a reality.

Market analyses show a high level of interest: The European market for Unified Communication & Collaboration (UCC) is estimated at 49 billion US dollars, with 18% annual growth until 2030. Over 65% of companies in Western Europe use cloud-based tools to some extent, but only just under half are pursuing a mobile-first strategy. In the majority of cases, systems that can only be used on mobile devices remain in place - without any real integration of voice, video, chat and email.

Underestimated stumbling blocks

One reason is the high complexity of implementation. A central platform requires far-reaching interventions in existing structures, consolidation of systems, training, process adjustments and clarification of compliance and data protection issues. In Europe in particular, the GDPR makes it difficult to integrate sensitive voice and video data. The effort involved is enormous, and the efficiency gains often only become apparent in the long term.

The costs are also a deterrent. Licenses, ongoing fees, training programs and adjustments to the IT landscape make UC platforms expensive. Many companies therefore prefer to rely on specialized systems. Studies also show that modern IP telephony platforms enable savings of up to 30-40 percent compared to traditional telephone systems. A strong voice solution can therefore be cost-efficient and future-proof without the complexity of complete UCC environments.

In addition, specialized tools such as Microsoft Exchange, Google Workspace, Slack, Teams or Zoom have long been established. Switching to a monolithic platform would often create duplicate structures and additional costs without noticeably improving the quality of communication. Especially in the area of voice, companies value the stability and reliability of specialized IP solutions over complex integration attempts.

IP voice solutions for modern communication

Language remains at the heart of business communication anyway. It enables precision, a personal approach and fast responses. Modern IP telephones offer HD audio, integration into existing IT systems, remote support and compatibility with common platforms - in other words, precisely the functions that are crucial for efficient processes. For many companies, a strong IP telephony infrastructure provides more practical benefits than a fully integrated UCC solution. In practice, this is demonstrated by telephones with integrated Wi-Fi or as robust DECT end devices. The German manufacturer Snom refers here to its Snom D865 model, for example. Such devices not only offer reliable telephony, but can also be integrated into systems for alerting, localization or AI transcription. Especially in environments such as production, logistics or healthcare, their stability and high voice quality ensure clear communication - even for AI-supported applications.

Although many IT managers see UCC as a long-term vision, they are currently relying on proven modular architectures. The combination of IP telephony, collaboration tools and email systems is the more pragmatic solution for most companies. This means that UCC will remain more of a pipe dream in 2025, while modern IP voice solutions are already making a decisive contribution to clear, reliable and efficient communication today.

Source: Snom Technology GmbH

The capability testing of machines used in screwdriving technology is a comprehensive challenge that should not be underestimated for any company operating in this field. The new draft is part of the VDI/VDE 2645 series of guidelines "Capability testing of screwdriving technology machines", which is divided into three sheets: Sheet 1: Measuring device capability, Sheet 2: Machine capability testing and Sheet 3: Process capability testing.

The Sheet 1 therefore focuses on measuring devices. The requirements are aimed at measuring and testing devices that are used to monitor measuring equipment at the bolting point (e.g. testing systems), that are used directly at the bolting point (e.g. inline sensors, torque/angle wrenches) and that are used for the MFU/sampling testing of assembly tools (e.g. rotating sensors).

The core of the specifications is the measuring device capability test: measuring and testing devices may only be used in the screwdriving process if stability, process tolerance and reproducibility have been verified. This ensures that quality deviations are detected at an early stage before they cause high costs or safety-critical errors.

The VDI/VDE 2645 Part 1 E guideline was published as a draft in June 2025 and can be ordered for EUR 117.10 from Din Media can be ordered. 

Source: VDI

Data volumes in companies are growing, and with them the challenges of data protection. This is because it is no longer primarily stored on well-secured internal servers, but is constantly flowing back and forth between end devices inside and outside the company network, local infrastructures and clouds, as well as new AI tools. Traditional security concepts cannot keep up with this diversity and dynamism - companies need to focus on the data itself and regulate in detail what can and cannot be done with it. Solutions for data loss prevention (DLP) help with this. In the experience of the IT security service provider Forcepoint, the following approach has proven to be successful when introducing them:

• Step 1: Define goals and use cases
  First of all, companies need to clarify what goals they want to achieve with the introduction of a DLP solution: Is it about protecting valuable intellectual property or regulatory requirements, for example in relation to data protection? Should a secure basis for hybrid working models be created or is the focus on the introduction of new cloud services and AI tools that should not lead to data leaks? Based on this, companies can create a risk profile that includes the different types of data to be protected, the channels through which it can flow and the consequences of data outflows.
• Step 2: Set up implementation plan
  Once it has been determined which data and channels are to be protected, a roadmap for the DLP introduction can be defined. To do this, companies need to get all stakeholders on board and clarify responsibilities, such as who will take care of installation and integration into the existing infrastructure, who will optimize policies and who will handle incidents. A timetable can then be drawn up jointly, taking into account the available personnel resources and also allowing time for testing.
• Step 3: Define guidelines and workflows
  Once the project management preparations have been completed, the guidelines that the DLP solution will later enforce can be drawn up. To do this, experts from the specialist departments should be consulted to help assess what impact the loss or theft of data would have. Based on this, actions can be defined for activities such as sending data by email or uploading it to the cloud. For non-critical data, logging is usually sufficient; for other data, a warning, an approval process or blocking of the action is possible, depending on the channel and criticality. Encryption can also be enforced, for example when saving documents on USB sticks. It is important that actions are initiated as automatically as possible in order to reduce the workload of the security team and avoid delays for users. Only events with unknown effects should require manual intervention: The relevant workflows - Who looks at the incident? Who decides on the measures? - are also defined in this project phase.
• Step 4: Introduce DLP and use it for monitoring
  Now comes the actual installation and configuration of the DLP solution. Before it is fully activated and the policies are enforced, it should initially be used largely passively - only for monitoring. This gives companies an insight into all data movements and the potential impact of their policies. If they turn out to be too restrictive, they can still make adjustments. Only policies that concern highly critical activities such as the mass upload of data to suspicious destinations on the Internet should actually be enforced at this stage. Furthermore, it often makes sense not to start the DLP deployment company-wide, but with one channel such as email or cloud, with one department or with one region.
• Step 5: Start enforcing policies
  Once the fine-tuning of the policies has been completed, they can finally be enforced - here too, it is advisable to take a step-by-step approach and start with the most critical data and channels, for example. However, a close look at monitoring is still recommended to ensure that employees are not hindered in legitimate activities and that policies are adjusted quickly if necessary. It is also ideal if the DLP solution does not rely on rigid guidelines, but takes into account the context of activities and changes guidelines according to the risk. After all, it is often only the context that shows whether an action is harmless or security-critical, for example because the user accesses data at unusual times or from unusual locations or suddenly downloads significantly larger amounts of data than in their previous working day.
• Step 6: Make optimizations
  Once the actual DLP implementation has been completed, it is time for analysis and optimization. If, for example, certain risky behavioral patterns emerge in the workforce, companies can provide targeted training. The effectiveness of the guidelines should also be continuously reviewed. Ultimately, just like the introduction of DLP, data security is not a one-off action that is completed at some point, but should be continually optimized to take account of new technologies, tools, data types and threats.
• Step 7: Deploy DLP company-wide
  The DLP implementation is completed with the extension of protection to the remaining data types and channels that were not yet considered in steps 4 and 5. If a modern DLP solution is used, the existing policies can easily be applied to other channels, which is why the effort involved is manageable. If necessary, existing policies can also be replicated and adapted if a channel has special requirements. 
• Step 8: Extend DLP to DPSM
  Expanding a DLP solution to a complete Data Security Posture Management (DSPM) can significantly improve the effectiveness of policies. DSPM offers functions for automatic data discovery and data classification so that companies do not overlook any data assets and have less manual effort. DSPM also helps to detect and eliminate excessive permissions for files, thus further reducing the risk of security breaches. This makes it easier to implement least privilege principles. Last but not least, DSPM also identifies data that is redundant, outdated or superfluous and can be deleted to reduce storage costs. 

"A DLP implementation is not a mammoth project, as many companies fear," emphasizes Fabian Glöser, Team Lead Sales Engineering Nordics, Central & Eastern Europe at Forcepoint. "A structured approach ensures that human resources are used optimally and that the project goals are not lost sight of. Modern DLP and DSPM solutions also use AI for data classification and come with a ready-made policy set, which significantly reduces manual effort. In many projects, we have completed data discovery and data classification after just two to four weeks, know what is happening with sensitive data and can enforce the first company-specific guidelines."

Source and further information: Forcepoint

Switzerland is cautious about the rapid development of artificial intelligence (AI). According to the latest "AI Monitor" from Ipsos, a small majority of the population is more nervous than enthusiastic about new AI products and services. This puts Switzerland in line with English-speaking countries such as the USA and the UK, while euphoria prevails in Southeast Asia.

Demand for transparency

The issue of trust is particularly sensitive for many. Only 41% of Swiss people believe that companies protect their data effectively when using AI. Half of those surveyed are skeptical. By contrast, trust in government regulation is much higher: 55% trust the authorities to handle the technology responsibly.

One point that unites the population is the demand for transparency. A whopping 77 percent expect companies to clearly declare the use of AI. Switzerland is thus joining the global call for openness - from France to Canada, there is a remarkable consensus in this regard.

AI is changing everyday life

The effects of AI are already being felt by many. 43% say that their everyday lives are already being changed by AI, and the trend is rising. In the next three to five years, 61% expect more far-reaching changes - a figure below the global average, but significantly above that of the previous year.

The population also has different views on specific areas of application. While 76% assume that AI will shape online search results in the future, many see advantages in increased efficiency or in entertainment. But when it comes to the labor market, concerns prevail: 41% fear negative consequences for jobs in the country, even though a third personally expect better working conditions.

Pragmatism required

"The results reflect Switzerland's pragmatic attitude," says Jean-Pierre Berst, Chief Client Officer at Ipsos. Trust and transparency will be crucial if companies want to successfully introduce AI, continues Berst.

The message is clear: in a country where quality and trust are core values, artificial intelligence is not celebrated as a promise of salvation - but as a challenge that must be met with caution and openness.

Source: Ipsos

Synprovis owners Hubert and Lisbeth Geisseler are looking forward to the milestone of their retirement in 2026 and have therefore planned their succession early.

Thomas Kronenberg as successor

"A successful succession plan is considered a masterpiece in the life of an entrepreneur. We are happy to have found the ideal solution for employees, customers and partners in Thomas Kronenberg," explains Hubert Geisseler.

Since the beginning of August, 38-year-old entrepreneur Thomas Kronenberg has been the new CEO, sales manager and owner of the company based in Eich, Lucerne. He brings broad management experience from the Swiss SME environment and focuses on practical implementation and sustainable further development.

"I am very much looking forward to building on the strong foundation, developing Synprovis further and leading the premium brand Improve into the future," explains the new CEO. For him, the focus is on customer benefit - with a clear, long-term perspective. Hubert and Lisbeth Geisseler will actively oversee the transition until the end of 2025 and will continue to support the company in an advisory capacity thereafter.

Continuity ensured

Customers can count on a seamless transition without any loss of knowledge. The well-established team will remain fully intact. "We will continue to develop Improve and secure our technological leadership position in the long term," emphasizes Thomas Kronenberg. With a view to the new ISO 9001:2026 standard, the company has already developed a digital solution for document control and process modeling. This will enable the company to meet the upcoming requirements at an early stage.

Source: www.synprovis.ch

The key finding of the DUO study: AI-based phishing is one of the biggest threats to identities in 2025, according to 34 % of the executives surveyed. At the same time, however, AI is also modernizing identity protection. 87 % of companies in Europe are introducing appropriate security solutions in their corporate networks to ward off AI-based attacks. 

Significant risks for identity security

Although executives understand the importance of identity security, there are major gaps in terms of trust and implementation. According to the study, only a third (34 %) of European executives believe that their current identity provider (IdP) can prevent attacks on identities. This is partly due to complex systems and a lack of transparency regarding potential vulnerabilities.

A full 96 % of executives say that a complex identity infrastructure compromises their overall security. In addition, 88 % admit that they do not have a complete overview of the identity risks in their company. No wonder: on average, IT and security teams use five tools to solve an identity problem.

The consequences can be costly. Almost half (48 %) of decision-makers report financial losses due to identity theft. In response to this risk, 76 % have already increased their investment in identity security for 2025.

Constant phishing and MFA gaps

This is particularly important given the constant threat of phishing, which requires the comprehensive implementation of multi-factor authentication (MFA). However, while 88 % of executives believe that phishing-resistant MFA is critical to their security, only 32 % are confident in their phishing controls.

Nevertheless, 42 % of European companies have already introduced FIDO2 tokens for phishing-resistant MFA. The hardware tokens in accordance with the standards of the FIDO Alliance (Fast IDentity Online) are connected to a computer as a USB stick, for example, and offer a high level of security as the private key remains on the device. However, these tokens are often reserved for privileged users due to the cost of management (59 %), hardware costs (47 %) and additional training (44 %). At least 52 % of managers want to introduce passwordless access, but expect implementation to be challenging.

70% want to consolidate providers - also to improve real-time transparency

In general, there are a number of hurdles when it comes to securing identities. For example, a significant 80 % of IT leaders admit that identity security solutions are added as an afterthought to infrastructure planning rather than integrated from the outset. This can lead to additional costs, complexity and impaired transparency. To improve this, 70 % of teams are actively looking at consolidating vendors.

In addition, real-time visibility into the behavior of identities and devices is necessary for security and IT teams to make informed decisions. After all, 53 % of companies currently have fully integrated identity and device telemetry.

"Companies need modern identity solutions that prioritize security without compromising user-friendliness," summarizes Christopher Tighe, General Manager at Cisco Switzerland. "Only a security-oriented IAM - identity and access management - in the corporate network guarantees strong identity protection against AI attacks."