Pascal Keller-Bossart took over as CEO of the SITS Group at the beginning of March 2025. In this interview, he talks about his new role, reflects on the role IT security has played in his career so far — and explains why he believes it’s not just a matter for top management.
You took over as CEO of the SITS Group last March. What was the first thing you tackled in your new role?
Pascal Keller-Bossart: It was important to me to give customers a stronger voice in our internal discussions. That’s why we immediately started to bring the customer perspective more strongly into all management meetings. Even though we are naturally very focused on internal transformation topics, it’s crucial to always keep the customer’s point of view in mind.
What does that mean in concrete terms?
It means that we continuously and systematically collect feedback, insights from customer meetings, useful ideas, but also criticism and suggestions for improvement, so we can feed this input back into our work. Everyone on the team is expected to report on their customer interactions and the feedback they receive. It’s also important to me that we don’t just send employees in the traditional customer-facing roles – such as sales or delivery – to meet clients. Management must also build these relationships and show a visible presence.
You took over the leadership from Maximilian Coqui. What was behind the change in leadership?
Maximilian Coqui comes from our investor, Triton Partners. After leading the SITS Group as CEO during a transition phase, he is now focusing again on his original role as Triton’s representative. This phase was very valuable for both sides: it allowed our investor to gain even deeper insights into the company and to become more familiar with the specifics of the SITS Group. As a result, we can now work together in an optimal way. We are once again operating with a three-person leadership constellation – myself as CEO, Coqui as the investor’s representative, and a chairman who is independent of Triton. Alongside the Board of Directors, we form the ongoing strategic coordination committee.
Are there clear guidelines from the investor that reach you via Coqui, or are you relatively free in managing the group?
Ultimately, the investors want us to be as successful as possible – and that’s exactly what I want as CEO, too. So they give us the freedom to run the business as we see fit. My appointment as CEO is proof of that: I joined SITS to contribute my experience in enterprise IT services. The investors mainly engage with us at a strategic level, constructively challenging our plans and asking the right questions – for example, whether the measures we take really help us become more efficient and more attractive to our customers. This exchange currently takes place at exactly the right level. Conversely, I’m very pleased that the investors support us on the financing side – an area where they naturally have great expertise. In this way, SITS and our investors complement each other very well.
At Inventx, you previously worked mainly in the finance and insurance sector. Before that, you were responsible for topics such as G Suite and Cloud at Google. Now you’ve joined an IT security service provider. How big a step was that for you?
The most important thing has remained the same over the years: my passion for IT and technology. My enthusiasm for using technology in ways that truly benefit customers and their businesses hasn’t changed either.
- Pascal Keller-Bossart, CEO, SITS Group
How do you bring this passion to SITS today?
At SITS, this passion and enthusiasm are once again at the heart of what we do. We use technology to safeguard and protect our customers — which, of course, has a significant positive impact on their business processes.
At Inventx, you built up a business unit for cybersecurity, among other things. How does this experience help you now in leading an IT security service provider?
I already gained valuable experience with IT security during my time at Google. When you offer cloud-based collaboration and productivity solutions, discussions about data protection and technical security are always part of the picture. That gave me an early understanding of enterprise customers’ needs and their decision-making processes in these areas. Once again, the key lies in understanding the customer. I’ve found that transparency and proximity are particularly important in security. Customers don’t simply want to outsource their security and then never hear from their provider again. They want to stay informed — to understand what has been done, how it was done, and how it benefits them. So I’ve been able to draw heavily on my previous career experience, which is now helping me at SITS.
Did you already feel the urge to dive deeper into IT security back then?
Yes, absolutely — in two ways, actually. On the one hand, I have an engineering background, and from that perspective, the field is fascinating because it’s developing so rapidly. The threat landscape is constantly evolving. On the other hand, it’s not just the technology that’s exciting — the market itself is, too. The industry is growing strongly, partly because the international situation has become more uncertain and threat scenarios are increasing. This is driving demand for security solutions. Security is now top of mind not only for IT leaders but also for CEOs. Recent surveys show that cybersecurity is already among the top three business risks. For us, that’s a clear signal that we’re focusing on the right area — one where customer demand is high and where we can make a real impact with our technical expertise.
In recent years, the SITS Group has regularly made headlines with new acquisitions. Lately, though, things have been quieter. Has the phase of inorganic growth come to an end?
Your observation about the past few years is correct. Our current focus is on integrating the parts of our organization more closely at the international level — in the spirit of “One SITS.”
Can you tell us more about this strategy?
We’ve grown significantly since 2017. Over the years, 18 companies have come together to form today’s SITS Group. It’s been a journey to unite these individual entities — both organizationally and culturally. This process has unfolded in several phases, and today we are truly more than the sum of our parts. In Switzerland, the mergers happened earlier, and since last year, we’ve also been consolidating all companies and legal entities in Germany into a single organization. The acquisitions have brought new areas of expertise into the group, and as a result, we now cover nearly the entire cyber spectrum. If you look at the NIST framework, there’s hardly an area we don’t address. That’s why, at present, there’s no pressing need to add new pieces to the puzzle through further acquisitions.
What steps have you already taken to achieve this strategic goal?
We’ve already made strong progress. For example, we’ve become even more international: we’ve established a cross-border security consulting and advisory organization that was previously run within the individual national companies. We’ve also merged our cyber defense teams from Germany and Denmark, and the IAM teams from the Netherlands and Germany have now been combined as well.
- Pascal Keller-Bossart, CEO, SITS Group
Are there similar areas of expertise in Switzerland?
We also have a strong presence in Switzerland in security consulting and secure IT services. Another particular strength here is in cryptographic solutions — including PKI, certificate management, encryption, and digital signature solutions. Much of this was developed locally in Jona and is still maintained here — such as our Keyon products. We’ve already achieved great success with these solutions in Germany and other countries, but I’m convinced they have even greater international potential.
What are the next steps in the One SITS strategy?
Strengthening our practices — in other words, pooling expertise that is currently spread across different countries. This will enable us to leverage all of our know-how across every region where we operate. Decoupling this expertise from the national companies so that we can serve all markets more effectively is an important transformational step. I also want to drive the company’s growth through an even stronger customer focus — that’s where we can truly differentiate ourselves from competitors.
Where would you position the SITS Group compared to its direct competitors?
I would say that, with our 700 employees in five countries, we are one of the largest players — at least among providers that are genuinely focused on cybersecurity services and have European roots. This is a major advantage when, for example, the topic of digital sovereignty comes up in discussions with customers. It allows us to position ourselves as a flexible, local provider — in contrast to the very large multinational system integrators and consultancies, which have a much broader focus and are less specialized in security. Despite our size, we still operate like an SME: we can engage with customers on an equal footing and create truly customized solutions. The customer doesn’t have to adapt to our solution — we adapt our solutions to the customer.
Does the interest in digital sovereignty really come from the market, or is it mainly driven by providers?
There is a very real demand in the market. Many companies are watching the current geopolitical developments with concern. Even across the Atlantic, the situation is no longer as simple or clear-cut as it used to be. From my time at Google, I know that cloud services from US providers have always been viewed critically. In the past, however, there was still a basic level of trust — today, much more is being questioned, whether justified or not. These uncertainties create a dilemma for companies: they don’t want to give up the advantages of cloud technology. At the same time, there are few true alternatives to the large, established cloud providers in terms of performance, features, and speed of innovation. That’s why companies are now trying to find the right balance that allows them to continue benefiting from the cloud. I don’t believe they’ll stop using US cloud solutions overnight — rather, they’ll look for ways to use them more selectively and securely.
What options are available to them?
Companies can, for example, strengthen governance to regulate which data goes where — and also technically monitor and control data traffic. Not all data has to go into the cloud; by keeping sensitive data on-premises, they can reduce exposure to cloud-related risks. In these cases, we can provide tailored support using our own secure infrastructure. Companies can also process data in the cloud but retain full control by managing their own encryption keys. Here, too, we’re ready to support them with both advice and solutions.
How important is Switzerland within the SITS Group’s overall international structure?
Switzerland remains highly relevant — not only for us but also for other international IT service providers. It’s a top market by global standards. We have a very strong economy and a high concentration of large international companies, particularly in the financial and pharmaceutical sectors. This makes Switzerland an especially attractive market. It’s a core market for the SITS Group and the place where our roots lie. The local business also carries significant weight in terms of revenue — and we intend to expand it further.
How do you plan to achieve this?
Among other things, by strengthening our profile in Switzerland. To do so, we need to showcase our strengths even more clearly and integrate our teams even more deeply. We also want to let our existing customers speak for us and increase our visibility in industry associations and at events.
- Pascal Keller-Bossart, CEO, SITS Group
As an IT security specialist, you have deep insight into the security maturity of Swiss companies. How would you assess it?
The self-assessments of companies, as reflected in many studies, already show that the situation is not ideal. Many organizations feel insecure and consider themselves only moderately prepared to deal with the growing number of threats. There is now a clear sense of urgency, but more still needs to be done — and invested — than has been so far.
What is your top tip for greater security?
Security must be a top management priority! If a management team doesn’t regularly engage with the topic, their company has a serious problem. Leadership needs to assign clear responsibilities, actively support their own security team, and stay informed about where they stand. Even if it’s an uncomfortable subject at times, IT security belongs on every management agenda.
At the same time, it’s pointless if only the experts deal with security. Most cyberattacks still don’t start with a technical breach but with people. Social engineering and phishing are used to manipulate individuals and turn them into entry points for cybercriminals. That’s why every employee has a role to play. All staff members must be educated about where potential cyber risks lie, how to handle them safely, and who to contact in case of an incident. In the end, this benefits the entire organization.
