Cyber security: “There is always residual risk”

National councilor Doris Fiala is committed to the issue as president of the Swiss Cyber Security Days. After all, she is convinced: “Digitization is an enormous chance, but it also harbors some risks.” Doris Fiala says that according to estimates, cyber crime is responsible for costs amounting to 5 billion Swiss francs every year. “That is more than the budget for the army.” Doris Fiala has observed that many Swiss SMEs are not even aware that they could also be affected. “SMEs need to pay great attention to their costs in everyday competition, which is why they often shun the expenses incurred for Internet security. However, good protection at all levels is worth it.”

Daniel Nussbaumer is co-head of the Cyber Criminality Division of the Police Department of the Canton of Zurich. Time and again, he witnesses how SMEs fall victim to ransomware attacks, which basically means virtual blackmail. “If a company can suddenly no longer access its data, it may quickly be pushed to its existential limits.” He regrets that many victims do not report incidents to the police. “We can provide effective support in these situations, such as during negotiations with the perpetrator.” Surprisingly, frustrated employees or competitors are often behind the attacks. The police have very good chances in these cases. But thanks to international cooperation, there are options for dealing with cyber criminals abroad as well. 

Sandra Tobler is co-founder and CEO of Futurae Technologies AG, which specializes in secure, user-friendly authentication software for corporate customers. “Many SMEs are not even aware that they could become targets,” the expert notes. In any case, there is no absolute security where cyber security is concerned. “But the purpose is to create a process and a culture that increase security.” For Sandra Tobler, this also has to do with a culture of error. “Instead of denouncing people who have opened the wrong e-mail, organizations would do better to learn from such errors and be creative – for example, by putting themselves in the hacker’s position for a change.”

Philipp Hurni is a risk expert specializing in cyber affairs at Zurich. He notes that cyber crime has developed swiftly in recent years. “You no longer need to be an IT specialist. All you need to do is buy inexpensive instructions for blackmail software on the darknet and then deploy them against companies.” Less competent hackers in particular focus on SMEs. “They know SMEs are often less well-prepared and are more likely to comply with demands for blackmail money, for example, because they have not made any backups.” He argues in favor of a notification obligation for cyber attacks. “This would make it possible to record and track security incidents more consistently in Switzerland as well.” The important thing here is for a reporting obligation like this to be designed in such a way that serves exclusively for clarification of incidents and prevention of future occurrences – and not, for example, to punish those who report incidents with fines.

Because cyber attacks cannot be completely prevented, it is all the more important to protect against their consequences: Zurich Cyber Insurance covers certain costs arising as a result of hacker attacks, such as those for cleaning up computer devices after a virus attack or restoring data. In addition, the insured are given access to experienced attorneys, who can provide advice on immediate measures. You also have the option of insuring your company against the financial consequences of business interruptions after an attack. An additional insurance module also provides protection against the theft of money via e-banking. Thanks to a partnership, Zurich cyber customers benefit from special conditions for security checks on the strengths and weaknesses of their corporate IT. Zurich even reimburses new customers a proportion of the costs.