Strengthening cyber-security governance and compliance at Sunrise

“Analysys Mason's structured approach helped us transform our already solid ISMS into a more modern and proactive cyber-security-infused security management framework. This will give us a strategic advantage, ensuring business continuity through cyber resilience and, with that, fuel long-term business success." 

-- Antti Partanen, Chief Information Security Officer, Sunrise Communications AG

The challenge

Establishing a robust, scalable cyber-security framework

Sunrise has been a leading telecoms provider in Switzerland for several years, scoring “outstanding” for 9 years in a row in the Mobile Benchmark Test conducted by the renowned Connect Magazine. Sunrise was the first to launch 5G in Switzerland in 2019 and has held the ISO27001 certification since 2014. As there is always room for improvement, Sunrise embarked on a journey to enhance its cyber-security capabilities to safeguard customer data, to meet increasing regulatory and compliance requirements, but also to fuel business growth. 

In 2023, the company took a significant step by forming a dedicated cyber-security team. Based on this strong foundation, Sunrise needed to develop a strategic framework that would provide clarity, structure and scalability, ensuring its security practices evolved in line with expanding operations. The goal was to strengthen the company’s cyber-security posture and to ensure consistency with Sunrise’s broader business objectives to position the company for future success.

Our approach 

Building a tailored cyber-security framework with strategic direction

Analysys Mason partnered with Sunrise to create a dynamic, strategic framework and help strengthen its cyber-security governance, and support its ambitious growth strategy. 

We began by conducting a comprehensive evaluation of Sunrise’s existing cyber-security practices, assessing them against the specific needs of the telecoms sector. The outcome was a tailored maturity model that highlighted the company’s strengths and identified key opportunities for further growth and improvement. 

This allowed us to design an overall framework that would provide clarity, accountability and transparency – ensuring that cyber-security practices scaled seamlessly with Sunrise’s operations.

The key elements of this framework included:

• Cyber-security governance model: a tailored maturity model and centralised reporting framework docked directly into the company’s already existing ISMS, providing leadership with the insights needed for strategic decision-making and fostering greater transparency across the business.
• Compliance integration: ensuring security practices were fully aligned with relevant regulatory standards, enabling Sunrise to continue to fulfil evolving compliance requirements, and prepare the company for future developments in this area. 
• Operational efficiency tools: custom tools to optimise project management, improve tracking of security initiatives, and enhance resource allocation, ultimately boosting operational efficiency.
• Strategic roadmap: a clear, prioritised approach to cyber security that integrated risk management, compliance and organisational goals, empowering Sunrise to take a proactive, long-term stance on security.

By embedding cyber security into Sunrise’s broader business strategy, we helped the company move beyond technical measures, positioning cyber security as a core enabler of growth, resilience and sustained success.

The impact 

Turning Sunrise’s cyber security into a competitive edge

The collaboration between Sunrise and Analysys Mason delivered significant, transformative results by strengthening security maturity and operational efficiency.  

Enhanced cyber-security insights

• Implemented a tailored maturity model and centralised reporting framework.
• Developed a dynamic framework that can react to and interact with data, retaining relevance and efficacy over time.
• Provided best practices with clear, data-driven insights for strategic decision-making.
• Identified strengths and opportunities to improve cyber-security resilience.

Operational efficiency and risk management

• Developed customised tools to track and manage security initiatives.
• Enabled the cyber-security team to focus on high-impact improvement actions and projects.
• Aligned security efforts with business objectives through a strategic roadmap.

Long-term security resilience

• Ensured security measures met industry standards (ISO27001, ISO22301, ISO20000, ISAE3000, ISAE3402).
• Provided ongoing support to adapt tools and processes as needs evolved.
• Strengthened Sunrise’s position as a leader in telecoms security.

Today, Sunrise is well equipped to stay ahead of emerging cyber-security challenges, ensuring long-term resilience and growth.