Frequently Asked Questions
The most important questions about our services, processes and pricing.
What does a penetration test cost?
A pentest for a single web application starts from CHF 5,000. The price depends on scope: number of systems, complexity and desired test depth. After a short scoping call, you'll receive a binding offer within 48 hours.
What does a security audit cost?
A security audit for an SME with 50 to 250 employees typically ranges between CHF 5,000 and CHF 15,000. The exact scope is defined during scoping: which systems, which compliance requirements, which depth.
How quickly can you start?
Most engagements begin within one to two weeks after scoping. In the event of an active security incident, we respond within hours.
What do I get after a pentest?
A comprehensive report with an executive summary for management, technical findings with proof-of-exploit, and prioritised remediation guidance with code examples, plus a 90-day retest window. Language: German or English.
Does NIS2 affect me as a Swiss company?
Not directly: NIS2 is an EU directive. But if you supply to the EU, your clients are increasingly demanding NIS2-compliant evidence through the supply chain. Over 160,000 EU organisations fall directly under NIS2, and their Swiss suppliers are indirectly affected.
What is the ISG reporting obligation?
Since 1 April 2025, operators of critical infrastructure must report cyberattacks to BACS within 24 hours. Since October 2025, fines of up to CHF 100,000 apply. We support you with classification, reporting and technical requirements.
Does my SME need a CISO?
Most SMEs don't need a full-time CISO, but they do need someone to coordinate security strategy, board reporting and incident response. Our CISO-as-a-Service model starts from two days per month.
Do you sign an NDA?
Yes, before every engagement. Confidentiality is non-negotiable. All findings, reports and communication are transmitted and stored encrypted.
Do you work remotely or on-site?
The majority of our work is done remotely via secure VPN connections. For physical access tests, social engineering scenarios and workshops, we come on-site. We serve clients across the entire DACH region.
Where is my data stored?
On Swiss infrastructure. Our SIEM, our tools and our communication run on servers in Switzerland. Your logs and data don't leave the country.
What is the ICT minimum standard?
A framework recommended by the Swiss government with 108 measures, based on the NIST Cybersecurity Framework. Already mandatory in the energy sector. We assess your IT security against this standard and deliver a concrete action plan.
What languages do you communicate in?
German, English and French. We deliver reports in German or English by default.
