Frequently Asked Questions

Quickly find answers to your cybersecurity questions.

Yes. The nFADP (new Federal Act on Data Protection, in force since September 2023) requires notification to the FDPIC as quickly as possible if a personal data breach presents a high risk to the individuals concerned. A ransomware attack that has accessed or exfiltrated personal data triggers this obligation. Bexxo supports companies through this regulatory process as part of its intervention.

Yes, in many cases. Our data recovery experts — the same teams as SOS Data Recovery, active since 2006 — can extract data directly from physical media (hard drives, SSDs, servers, NAS) using advanced forensic techniques. Ransomware encrypts files; it does not necessarily destroy them at the physical level. The recovery rate depends on the type of ransomware and the condition of the media.

For a Swiss SME, outsourcing the CISO function (vCISO — Virtual CISO) is often more cost-effective than a full-time hire. Bexxo can fulfil this role: defining the security policy, attending management meetings, handling incident management and reporting — at a cost suited to your size.

Yes. nFADP compliance (new Federal Act on Data Protection, Switzerland) is integrated into all our consulting engagements. We analyse your data processing activities, identify gaps, implement the required technical and organisational measures and provide you with the documentation needed in the event of an FDPIC inspection.

The initial intervention begins within 2 hours of contact. The total recovery time varies from 24 hours (data accessible via intact backups) to 5 to 10 business days for complex cases requiring forensic extraction or advanced decryption. An accurate assessment is provided after the initial analysis phase, before any commitment.

Our consulting engagements start from CHF 2,500 for an initial diagnosis. A full engagement (strategy + nFADP compliance + training) ranges from CHF 8,000 to CHF 35,000 depending on the size of the company and the scope. A personalised quote is provided after a free initial consultation.

The nFADP (in force since September 2023) requires organisational data protection measures, including staff awareness. Beyond the legal obligation, training is the most cost-effective prevention lever: 91% of cyberattacks start with a phishing email (KnowBe4), a threat entirely preventable through training.

In the majority of cases, no. Paying the ransom does not guarantee recovery: 56% of organisations that paid only partially recovered their data (Sophos 2024), and 80% are re-attacked within the year. Bexxo first evaluates all technical options — decryption, backups, forensic extraction — before considering any negotiation, which always remains a last resort.

Yes, unconditionally. The initial analysis is offered by Bexxo as part of our cybersecurity awareness initiative for Swiss SMEs. No credit card is required, no contract is signed. At the end of the analysis, if you are interested in additional services (in-depth audit, package, training), you will receive a detailed quote — which you are free to accept or decline. 68% of Swiss SMEs have never had a cybersecurity review (NCSC): this analysis is designed to remove that barrier.

The analysis covers 5 priority areas for SMEs:

  • Network: firewall configuration, remote access (VPN), segmentation.
  • Website: SSL/TLS, security headers, common vulnerabilities (OWASP Top 10).
  • Authentication: password policy, MFA, administrator access management.
  • Training: level of team awareness on phishing (91% of cyberattacks start with an email — Proofpoint 2024).
  • Data: classification of sensitive data, nFADP compliance.

Depending on your needs, the analysis can focus on one or more specific areas.

You will receive a detailed action plan with customized recommendations and an implementation timeline. Bexxo also provides follow-up to measure progress and adjust the strategy as needed.

At the end of the exchange with the Bexxo expert, you receive by email a personalized PDF report including: (1) a summary of the risks identified by area, classified by criticality (high/medium/low); (2) a prioritized action plan with the measures to implement first; (3) recommendations adapted to the size and sector of your company. You can view an example report via the link below. This report can be used as a basis for your internal audits or presented in the event of an nFADP inspection.

Bexxo's free cybersecurity analysis is a personalized assessment of your company's security posture, carried out free of charge and without commitment by a Bexxo expert. In a 30-minute exchange, we assess your risks across 5 areas: network infrastructure, website, access management (MFA authentication), team awareness on phishing, and classification of sensitive data. You then receive a written PDF report with the identified vulnerabilities and a prioritized action plan — identical to the report given to our paying clients.

Cybersecurity consulting is a strategic support service, provided by external experts, designed to assess an organisation's risks, define an appropriate security policy and oversee its implementation. At Bexxo, our consultants draw on the ISO 27002:2022 standard and the NIST CSF framework to structure each engagement.

Ransomware recovery is an emergency intervention process designed to restore access to data and systems encrypted by an attack, without yielding to cybercriminals' demands. It includes forensic analysis of the malware, searching for decryption tools, restoration from backups and, if necessary, data extraction directly from physical media.