Physical Security Providers Switzerland 2026
Physical Security Assessments in Switzerland
For Swiss organizations, especially in the financial sector, physical security testing is a key component of cyber resilience. While classic penetration tests focus on networks and applications, a physical security assessment examines whether someone can gain unauthorized access to buildings, server rooms, data centers, trading floors, or workspaces - and what would be possible afterward. This is often where the shortest paths to critical systems open up: a side door left ajar, a clonable employee badge, an unattended network port in a meeting room, or staff who hold the door open for a friendly-seeming stranger.
A realistic assessment combines technical and human vectors: bypassing access controls, cloning RFID and NFC badges, lock picking, tailgating, and on-site social engineering. The results reveal not just individual weaknesses but also how well physical measures, processes, and employee behavior actually work together when it counts.
Regulatory Context in Switzerland
Switzerland is not an EU member, which means the Digital Operational Resilience Act (DORA) and the TIBER-EU framework do not apply directly here. The relevant supervision comes instead from FINMA (the Swiss Financial Market Supervisory Authority). Swiss financial institutions are nonetheless increasingly aligning with equivalent threat-led testing approaches, and physical security is an integral part of that picture:
- FINMA Circular 2023/01 "Operational Risks and Resilience - Banks" (in force since 1 January 2024) expects banks to actively test their operational resilience and protect critical functions. Protecting data centers, server rooms, and work environments against unauthorized physical access falls directly under this - a physical security assessment provides practical evidence that access controls, surveillance, and response processes genuinely work.
- Revised Data Protection Act (revDSG) (in force since 1 September 2023): adequate protection of personal data also includes suitable technical and organizational measures against physical access. Anyone who gains entry to an office or data center can, in the worst case, bypass every logical safeguard - a frequently underestimated data protection risk.
- DORA / TIBER-EU as orientation: even without direct applicability, these frameworks serve as a reference. Swiss institutions with EU business, or internationally active groups, therefore often integrate physical attack vectors into holistic, threat-led red teaming scenarios rather than treating them in isolation.
For most organizations it makes sense to view physical security testing not as a standalone measure but as part of a broader red teaming exercise that connects physical, technical, and human weaknesses within one coherent attack scenario.
What to Look For When Choosing a Provider
Specialized physical security testing providers are rare - which makes careful selection all the more important. These criteria help with the assessment:
- Dedicated physical intrusion experience: make sure a team demonstrably carries out physical engagements (lock picking, badge cloning, access control bypass) and does not merely review concepts on paper. Ask for concrete, anonymized case examples.
- Holistic approach: the most meaningful results emerge when physical vectors are embedded in a complete red teaming exercise - from entering the building to reaching internal systems. This shows what a real attack could actually achieve.
- Legal certainty and clear rules: reputable providers work with clean rules of engagement, written mandates, and "get-out-of-jail" letters so that the team is legally protected on-site and escalations are avoided.
- Diligence and discretion: physical engagements involve employees, buildings, and sometimes third parties. Thorough preparation, agreed escalation paths, and transparent documentation are mandatory.
- Actionable reporting: the report should not just list weaknesses but prioritize structural, procedural, and behavioral recommendations, and remain understandable for both executive leadership and security teams.
Physical Security Providers in Switzerland
- Compass Security - Physical Security Assessments and Red Teaming, Rapperswil-Jona
- Oneconsult - Red Teaming with physical intrusion and social engineering components, Thalwil
- scip - Offensive security and Red Teaming including physical attack scenarios, Zurich
This overview of Physical Security Assessment providers in Switzerland has been compiled to the best of our knowledge. We do not guarantee the accuracy or currency of the information.
We welcome tips about additional providers for physical security testing. We only list companies that offer Physical Security Assessments themselves (no pure resellers).
For inquiries and tips, send us a message by e-mail.