Red Teaming Switzerland 2026 - Top Providers


Red Teaming in Switzerland

Switzerland, as an international financial center, places particularly high demands on cyber resilience. FINMA (Swiss Financial Market Supervisory Authority) and the NCSC (National Cyber Security Centre) set the regulatory framework.

Unlike a classic penetration test, which looks for vulnerabilities within a clearly bounded scope, a Red Teaming Assessment simulates a real, multi-stage attack against the entire organization - covertly and across technical, physical, and social attack vectors. The question is not only whether an intrusion succeeds, but whether the defense detects and stops it in time. It is exactly this test of detection and response capability that makes red teaming relevant for regulated Swiss financial institutions, which must demonstrate their operational resilience not just on paper but under realistic conditions.

Regulatory Framework

  • FINMA - Swiss Financial Market Supervisory Authority requirements for cyber resilience and operational stability
  • DORA - Digital Operational Resilience Act, also affects Swiss financial institutions with EU business
  • NCSC - National Cyber Security Centre, recommendations and situation reports

Regulatory Context for Red Teaming in Switzerland

Switzerland is not an EU member, so DORA and the European TIBER-EU framework do not apply directly here. The national requirements are decisive - above all FINMA Circular 2023/01 "Operational risks and resilience - banks", in force since 1 January 2024. It obliges supervised institutions to identify, manage, and regularly test their operational resilience. FINMA explicitly expects institutions to verify the effectiveness of their protective, detective, and responsive measures under realistic conditions - precisely what a red teaming assessment delivers.

Even though Switzerland does not run a mandatory TIBER offshoot, many Swiss banks and insurers increasingly align with equivalent, threat-led testing approaches (Threat-Led Penetration Testing, TLPT). A Swiss institution that also does business within the EU may fall directly under the scope of DORA and then has to satisfy the active red-teaming phase of a DORA TLPT, which lasts at least twelve weeks. A threat-led exercise therefore often serves two purposes at once: it addresses FINMA's expectation of tested resilience and lays the groundwork for a later, formal DORA TLPT.

For the processing of personal data, the revised Federal Act on Data Protection (revDSG), in force since 1 September 2023, is also relevant. Because red teaming - and social engineering in particular - frequently touches real employee data and production systems, clear rules of engagement, a sound data-processing agreement, and a documented legal basis are part of every serious Swiss engagement plan.

What to Look for When Choosing a Provider

Red teaming is a matter of trust - a capable team moves covertly through your production environment. When choosing a provider in Switzerland, pay attention to the following:

  • A dedicated red team, not generalists - the provider should run red teaming as a core business and bring verifiable certifications (OSCP, OSEP, CRTO), not offer pentesting as a side service.
  • Threat-led methodology - a serious assessment starts with realistic threat intelligence and reproduces the TTPs of relevant attacker groups instead of working through a generic checklist.
  • Regulatory experience - familiarity with FINMA Circular 2023/01, with TLPT/DORA-aligned processes, and with the requirements for documentation and evidence.
  • Clean rules of engagement and data protection - a clearly defined scope, emergency communication channels, revDSG-compliant data processing, and transparent handling of production systems.
  • A clear report and knowledge transfer - the value of red teaming lies in learning from it. A good provider explains attack paths in an understandable way and derives concrete, prioritized measures for the blue team.

Red Teaming Providers in Switzerland

  • Compass Security - Swiss security firm (Rapperswil-Jona), Red Teaming and penetration testing
  • NVISO - Red Teaming and offensive security, Switzerland office
  • Oneconsult - Cybersecurity services, Zurich, Red Teaming and incident response
  • Redguard - Penetration testing and security assessments, Bern
  • scip AG - Security research, Red Teaming and penetration testing, Zurich

This overview of Red Teaming providers in Switzerland has been compiled to the best of our knowledge. We do not guarantee the accuracy or currency of the information.

We welcome tips about additional providers. We only list companies that offer Red Teaming or pentesting services themselves (no pure resellers).

For inquiries and tips, send us a message by e-mail.
