Cyber on the Slopes: Protecting the Ski Industry from Hackers

Portes du Soleil is major ski region along the Switzerland-France border with 600 kilometers of pistes and 208 ski lifts – and some of the very best powder terrain in all of the Alps. But, if you wanted to buy a ski ticket on a recent March Day in the height of ski season, you were out of luck. Cybercriminals had crippled the local infrastructure of the resort, which meant the internet, ticketing system, and vending machines were all out of service.

“Thanks to the segmentation of services, all customer data was protected. By switching the customer terminals to a different IP configuration, we were at least able to resume the operation of the turnstiles for customers during the day. Only company data was encrypted; the cash register programs are independent of our controller domain, so customer data was not affected,” explains Nicolas Nétuschill, IT Manager at Portes du Soleil Suisse SA. It took two full days to get the essential parts of the infrastructure and the first online cash registers back up and running.

The increasing pace of digital transformation and the emergence of new technologies have made companies of all types vulnerable to cyberattacks. Cyber threats are rising rapidly, especially “ransomware attacks” like the one on Portes du Soleil.

After the cyberattack, Portes du Soleil Suisse SA, which operates the Swiss side of the cross-border ski area, saw an urgent need to act. As a Zurich customer, the company turned to its insurer to enhance its cybersecurity going forward. The Zurich Resilience Solutions cyber services team was called in to help and create a plan of action.

“We proposed a long-term, multi-stage project to the company, where our cyber prevention expertise and capabilities would help the ski resort to better understand and manage their risks,” says Sylvain Luiset, head of cyber services for Zurich Resilience Solutions in Switzerland.

In the first phase, hacking tests were carried out to examine the technology systems of Portes du Soleil for vulnerabilities, followed by a security report with recommended improvements. Then, over the course of the year, our cyber team conducted awareness training for 200 employees to raise their awareness of phishing. In the final step, we performed a full cyber maturity assessment — a comprehensive evaluation of the company’s cybersecurity to support their planning efforts and cyber investments.

“Our IT team responded quickly to restore operational stability. Thanks to the Zurich team and their expertise, we can now improve our knowledge, practices, and resilience against future cyber threats,” explains Nicolas Nétuschill.

Portes du Soleil also started to take a very proactive approach in wanting to stay ahead of the curve and protect itself against further potential cyberattacks. “We have not only established a business relationship with the ski area company, but a true partnership, working together to strengthen their cyber resilience for the long-term,” adds Sylvain Luiset.

While headlines often capture high-profile cyber-attacks, the experience at Portes du Soleil is a powerful reminder that every industry now depends on digital and connected services. Whether you’re running a ski resort or a multinational business, the stability of your operations, and the trust of your customers, relies on robust cyber security.