Digital Risk Protection: A C‑suite Priority Against CEO Fraud

Digital Risk Protection (DRP) is no longer a pure IT project. Fake domains, darknet listings and a marked increase in CEO fraud force boards and CISOs to assume strategic responsibility. This article explains the current threat landscape in Switzerland, how fake domains and CEO fraud work, the regulatory implications, and which measures decision‑makers should prioritise.

What is Digital Risk Protection (DRP)? Definition and core tasks

Digital Risk Protection denotes a set of processes, technologies and services that protect companies from external risks arising from their digital presence. This includes monitoring the darknet and marketplaces, detecting fake domains and social‑media impersonation, as well as monitoring leaks and data offerings. DRP combines technical monitoring with regular processes for brand protection and incident response.

Core tasks are: discovery and takedown of fake domains, monitoring for compromised credentials, protection of the brand against online imitation, and rapid takedown processes. For the board, this means DRP is a matter of governing external reputation and fraud risks, not just firewall tuning.

Figure: TECHWAY - Digital Risk Protection. DRP addresses risks outside the network.

Why DRP matters for company leadership

Fake domains and CEO fraud have direct financial consequences and erode trust. While IT provides technical defence, decisions on budget, legal enforcement and external communication are leadership tasks. DRP requires interfaces to legal, compliance and communications — therefore responsibility must be anchored at executive level.

For CISOs and boards: Without a clear DRP strategy, organisations remain vulnerable to external manipulations that classic IT controls clearly cannot prevent.

Current Swiss case numbers: CEO fraud and phishing

Recent reports document a sharp rise in CEO fraud and an explosion of phishing activity in Switzerland. These developments are evidenced by multiple studies and industry reports and affect companies of all sizes.

CEO fraud: steep rise 2023–2024

According to an analysis by the Swiss Cyber Institute and summary information from the Federal Office for Cyber Security, the number of documented CEO fraud cases in Switzerland rose from 487 (2023) to 719 (2024) — an increase of around 48%. These attacks typically start with phishing emails and social engineering and target the authorisation processes for payments. The analysis warns that attackers increasingly use AI‑generated messages that imitate legitimate communication patterns (Swiss Cyber Institute).

Phishing and fake domains: massive growth in 2024

The report “Swiss Cyberattacks: Trends and Analysis 2024–2025” documents an explosion of phishing messages in Switzerland: over 975,000 phishing emails were recorded in 2024, compared with fewer than 500,000 in 2023, an increase of around 95%. Common patterns include fake domains, imitation of well‑known Swiss providers and fraudulent shipping or payment notifications. Attackers also use AI to create highly convincing content (SPIE / OFCS summary).

Impacts: financial risk and reputational damage

The documented trends show clear impacts: direct financial losses due to unauthorised transfers, increased compliance workload and loss of customer trust. In parallel, the insurance industry reports a shift in cyber risk and growth dynamics in cyber insurance (Swiss Re), while consulting firms emphasise the need for digital trust (PwC).

Regulatory pressure: reporting duties and compliance

Switzerland adopted new requirements in 2025 obliging operators of critical infrastructure to report cyber incidents within short deadlines. Since 1 April 2025, affected operators have had a 24‑hour reporting duty; sanctions for non‑reporting have applied since 1 October 2025. This regulation significantly changes the demands on detection, reporting and governance (Industrial Cyber).

For boards this means: incident response capabilities and DRP processes must be organised so that incidents can be identified, assessed and reported quickly. Legal and communications teams must be involved early to limit regulatory and reputational consequences.

Action fields for board and CISO

The combination of rising attacks, AI‑enabled deception and new reporting duties requires concrete measures. Decision‑makers should treat DRP as part of enterprise risk management and allocate budget for initial DRP measures and takedown services.

Recommended first steps for supervisory and leadership bodies

1) Inventory of the digital attack surface: Record brands, domains, subdomains and critical communication channels. Identify which domains are particularly susceptible to impersonation.

2) DRP monitoring and takedown processes: Implement continuous monitoring (including darknet) and contractually secured takedown services. Ensure interfaces with legal and brand protection.

3) Strengthen financial controls: Automated second approvals, out‑of‑band confirmations and strict payment approval processes reduce the success rate of CEO fraud.

4) Awareness and crisis communication: Train board members, the executive team and relevant staff on AI‑based deception. Develop playbooks for rapid communication after an incident.

5) Integration into governance and budget planning: Formally anchor DRP services in the risk register and hold a starter budget to cover monitoring, takedown and initial legal measures.
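As an added illustration of steps 1 and 2 (not code from the article or from TECHWAY), the following Python script takes a brand-domain inventory and flags observed registrations that look like impersonations of it. The brand list, the observed-domain feed and the homoglyph table are constructed placeholders; in practice the feed would come from a DRP monitoring source such as certificate-transparency logs or passive DNS.

```python
# Constructed brand inventory from the attack-surface inventory step (placeholders)
BRAND_DOMAINS = ["example-bank.ch", "example-bank.com"]

# Visually confusable substitutions seen in typosquatting (assumed subset)
HOMOGLYPHS = {"l": ["1", "i"], "i": ["1", "l"], "o": ["0"], "a": ["4"],
              "e": ["3"], "s": ["5"], "m": ["rn"], "w": ["vv"]}
TLDS = ["ch", "com", "net", "li", "swiss", "co"]

def lookalikes(domain):
    """Generate candidate impersonation domains for one brand domain."""
    label, tld = domain.lower().rsplit(".", 1)
    out = set()
    out.update(f"{label}.{t}" for t in TLDS if t != tld)       # TLD swap
    out.add(f"{label.replace('-', '')}.{tld}")                 # hyphen dropped
    for i in range(len(label)):
        out.add(f"{label[:i] + label[i + 1:]}.{tld}")          # char omitted
        for sub in HOMOGLYPHS.get(label[i], []):               # homoglyph
            out.add(f"{label[:i] + sub + label[i + 1:]}.{tld}")
    for i in range(len(label) - 1):                            # transposition
        out.add(f"{label[:i] + label[i + 1] + label[i] + label[i + 2:]}.{tld}")
    out.discard(f"{label}.{tld}")
    return out

def find_impersonations(brand_domains, observed):
    """Return (observed, brand, reason) for each suspicious registration."""
    candidates = {}
    for brand in brand_domains:
        for v in lookalikes(brand):
            candidates.setdefault(v, brand)  # first brand wins for shared variants
    hits = []
    for raw in observed:
        dom = raw.lower().strip(".")
        if dom in brand_domains:
            continue  # our own registration
        if dom in candidates:
            hits.append((dom, candidates[dom], "lookalike"))
            continue
        brand = next((b for b in brand_domains if b.rsplit(".", 1)[0] in dom), None)
        if brand:
            hits.append((dom, brand, "contains-brand"))
    return hits

# Constructed feed of newly observed domains (e.g. from CT logs or passive DNS)
OBSERVED = ["example-bank.ch", "examp1e-bank.ch", "exarnple-bank.com",
            "examplebank.ch", "example-bank-login.net", "unrelated.ch"]

if __name__ == "__main__":
    for obs, brand, reason in find_impersonations(BRAND_DOMAINS, OBSERVED):
        print(f"{obs:26} -> impersonates {brand} ({reason})")
```

Each hit is a candidate for the takedown process in step 2; the "contains-brand" rule catches phishing-style registrations that no typo generator would enumerate.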

Conclusion

Fake domains and CEO fraud are no longer marginal phenomena but systemic risks with direct financial and reputational effects. Swiss studies and reports document a clear rise in incidents and a tightening of regulatory requirements. Digital Risk Protection must therefore become a board‑level priority: responsibility for budget, governance and reporting lies with the board and executive management; strategic security planning, technical implementation and operational measures with the CISO.

Your next step

If you want to quantify the digital attack surface and implement initial DRP measures, we support you with prioritisation, budget planning and implementation.

🎯 Key takeaways – act now

Concrete conclusions for the board, CEO and CISO:

✓ Make DRP a governance task: Anchor responsibilities and budget in the risk register.

✓ Monitor fake domains and the darknet: Continuous monitoring and fast takedown paths are essential.

✓ Strengthen financial controls: Out‑of‑band confirmations and multi‑step approvals reduce CEO fraud risks.

✓ Budget recommendation: Plan a starter budget for monitoring, takedown and initial legal measures.

✓ Regular review: Evaluate DRP measures in the context of compliance changes and market trends, e.g. reports by SPIE/OFCS and Swiss Cyber Institute.

Frequently asked questions: DRP FAQ

What is Digital Risk Protection?

Digital Risk Protection is a cross‑disciplinary practice that minimises visible and invisible external risks for companies — from fake domains and brand abuse to data offerings on the darknet. DRP combines technical monitoring with legal and communications measures.

Does our company need DRP?

Yes. Companies with a relevant digital presence, sensitive payment flows or well‑known brands should implement DRP. The threat landscape in Switzerland — documented among others by SPIE/OFCS and Swiss Cyber Institute — shows that DRP requires investment and clear governance.
