Switzerland's new cybersecurity laws just made our product mandatory. 75,000 SMEs. No accessible solution. We are building it.
Switzerland's regulatory landscape has fundamentally shifted — and the mass market of SMEs has no compliant, affordable solution.
Since April 2025, organisations must report cyberattacks to the NCSC within 24 hours. Fines up to CHF 100,000. Knowing your attack surface is the only defensible compliance strategy.
Operative since January 2025. Swiss financial institutions and their suppliers must conduct annual attack surface assessments. Creates indirect obligations for thousands of Swiss SME suppliers.
European clients now audit their Swiss suppliers' cybersecurity posture as a condition of contract. A Swiss SME without evidence of surface monitoring risks losing enterprise customers.
Existing solutions cost CHF 10,000–25,000/year, require internal IT access, and target enterprise clients. 70% of Swiss SMEs have no formal cybersecurity posture — and no tool built for them.
Before company formation, we independently enumerated the entire Swiss .ch domain namespace — over 2.5 million domains. This proprietary dataset is the foundation for every product feature and cannot be easily replicated. No domestic or international player holds this asset.
The dataset enables national-level risk benchmarking against Swiss industry peers, identification of .ch look-alike domains used for phishing, and longitudinal tracking of the Swiss internet attack surface over time. These are capabilities no generic global platform can offer.
"We have performed a complete enumeration of the entire Swiss .ch domain namespace. This is the foundation for a scalable SaaS product — and a moat that grows with every scan."
HELVETISCAN monitors everything an attacker can see from the outside — no agent installation, no IT access, no technical expertise needed by the client.
Expired or weak TLS certificates, certificates missing from Certificate Transparency (CT) logs, outdated protocol versions — including certificates expiring within 30 days.
Missing CAA records, absence of DNSSEC signing, wildcard exposure, and full subdomain enumeration including forgotten legacy assets.
HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy — scored and benchmarked against Swiss industry peers.
Open database ports, RDP, legacy protocols visible on the public internet — ranked by exploitability and business impact.
Full SPF/DKIM/DMARC policy validation — not just presence detection. Identifies whether a domain can be impersonated today.
LLM-generated plain-language risk reports explaining findings in business terms — structured for ISG, DORA, and FINMA audit requirements.
Continuous monitoring for typosquatted, homoglyph, and combo-squatted domains that impersonate your brand — catching phishing infrastructure before it is weaponised against your customers or employees.
These are not estimates. Every figure comes from production scans of the full Swiss namespace — the same engine that powers the platform.
76.4% of .ch domains return a live HTTP response. 450,916 domains fail DNS entirely — no active server behind them.
71.7% of live .ch domains end on HTTPS — but over a quarter of Swiss sites transmit data unencrypted in 2025.
1,146,818 .ch domains can be impersonated in a phishing attack today — SPF absent or permissive, DMARC missing or on p=none.
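An added example, not HELVETISCAN's code, of the difference between presence detection and the policy validation described above, using the criteria just stated (SPF absent or permissive, DMARC missing or on p=none). The function names, the treatment of `~all` as restrictive, and the rule that either weakness flags the domain are assumptions of this sketch.

```python
# Added example, not HELVETISCAN's code. TXT records are passed in as strings,
# so it runs offline; every record below is constructed for illustration.

def spf_finding(txt_records):
    """Classify SPF posture from the TXT records at the domain apex."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "absent"
    if len(spf) > 1:
        return "invalid"  # RFC 7208: more than one SPF record is a permerror
    terms = spf[0].lower().split()[1:]
    for t in terms:
        if t.lstrip("+-~?") == "all":
            qualifier = t[0] if t[0] in "+-~?" else "+"
            return "permissive" if qualifier in "+?" else "restrictive"
    if any(t.startswith("redirect=") for t in terms):
        return "redirect"  # verdict depends on the target record; not followed here
    return "permissive"  # no "all" term: unmatched senders get a neutral result

def dmarc_finding(dmarc_txt_records):
    """Classify the policy from the TXT records at _dmarc.<domain>."""
    recs = [r for r in dmarc_txt_records if r.replace(" ", "").startswith("v=DMARC1")]
    if len(recs) != 1:
        return "missing"  # RFC 7489: zero or several records means no policy applies
    tags = {}
    for part in recs[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    policy = tags.get("p")
    return "p=" + policy if policy in ("none", "quarantine", "reject") else "invalid"

def impersonable(txt_records, dmarc_txt_records):
    """Assumed combining rule: flag if SPF is weak or DMARC does not enforce."""
    spf, dmarc = spf_finding(txt_records), dmarc_finding(dmarc_txt_records)
    weak = spf in ("absent", "invalid", "permissive") or dmarc in ("missing", "invalid", "p=none")
    return {"spf": spf, "dmarc": dmarc, "impersonable": weak}

SAMPLES = {  # constructed (apex TXT records, _dmarc TXT records) per domain
    "open.example": (["v=spf1 include:_spf.mail.example ?all"], ["v=DMARC1; p=none"]),
    "enforced.example": (["v=spf1 ip4:192.0.2.10 -all"], ["v=DMARC1; p=reject"]),
    "double-spf.example": (["v=spf1 -all", "v=spf1 mx -all"], ["v=DMARC1; p=quarantine"]),
}

if __name__ == "__main__":
    for domain, (txt, dmarc) in SAMPLES.items():
        print(domain, impersonable(txt, dmarc))
```

The `open.example` and `double-spf.example` records would both pass a presence-only check, yet the first enforces nothing and the second fails SPF evaluation outright.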
Databases, file shares, and container APIs are directly reachable from the public internet on tens of thousands of Swiss domains.
Data sovereignty is a live compliance issue. 207,977 domains have both foreign DNS control and foreign hosting — fully outside Swiss jurisdiction.
Basic browser-enforced protections are absent on nearly half of Swiss domains — HSTS, CSP, X-Frame-Options are the norm in every other developed market.
Over 977,666 domains in the Swiss namespace run software with actively exploited vulnerabilities, as confirmed by the US CISA Known Exploited Vulnerabilities catalog.
93.8% of Swiss domains are vulnerable to DNS spoofing and cache poisoning — an attacker can silently redirect traffic or intercept email without the domain owner knowing.
Over 870,000 Swiss domains publicly expose control interfaces — login pages, dashboards, and management consoles — reachable by anyone on the open internet.
A single composite risk index synthesising every scan dimension — TLS, DNS, email security, exposed services, headers, CVEs, and hosting sovereignty — benchmarked against 1.8 million .ch domains and calibrated by sector. No other Swiss tool produces this.
Your score is benchmarked against every peer in your sector — legal, finance, healthcare, retail — so you see exactly how exposed you are relative to competitors.
Weekly score deltas show whether your security posture is strengthening or degrading — essential for board reporting and NIS2 compliance evidence.
Every finding is ranked by its score impact. Clients get a prioritised remediation list — not a raw dump of data — so limited IT resources go to the highest-risk issues first.
HelvetiScore is the foundation of every report we generate — the single number that turns 50+ raw scan dimensions into a decision an SME owner can act on.
Every existing player has built upmarket. None of them has an incentive to build a CHF 800/year automated tool for the SME mass market.
| Criteria | Swiss Post Cyber | Exeon Analytics | ImmuniWeb | HELVETISCAN |
|---|---|---|---|---|
| Target Market | Enterprise (250+) | Mid-Market | Enterprise | SME (primary) |
| Annual Price | CHF 200k+ | CHF 50k+ | CHF 15k+ | CHF 800 |
| Internal Access Required | ✘ Yes | ✘ Yes | ⚠ Partial | ✔ No |
| Swiss .ch Proprietary Dataset | ✘ No | ✘ No | ✘ No | ✔ 100% namespace |
| AI Risk Narrative | ✘ No | ⚠ Partial | ⚠ Partial | ✔ Yes |
| DORA-Ready Reports | ✔ Yes | ✔ Yes | ⚠ Partial | ✔ Yes |
| Self-Serve / No Sales Required | ✘ No | ✘ No | ✘ No | ✔ Yes |
Three high-priority verticals for go-to-market — each with a direct regulatory trigger.
Roche, Novartis, and 3,000+ Swiss suppliers under GDPR, NIS2, and FDA cybersecurity requirements.
300+ fintechs, 200+ banks, thousands of insurance and asset management firms subject to FINMA and DORA.
Law firms, audit firms, HR tech — increasingly required by enterprise clients to demonstrate cyber hygiene.
80% of Swiss SMEs work with fiduciaries. 10 partnerships unlock access to their entire client base.
Built by a technical founder. Every core module is operational.