Swiss companies are in urgent need of cybercrime solutions, and that need is growing fast. According to the "Global Digital Trust Insights 2023" from consulting firm PwC, 73% of Swiss companies see an urgent need for action in this area. With cybercrime becoming one of the central top risks, the insurance gap for major cyber events is growing – both nationally and internationally. Helvetia's "The challenges of overcoming the main cyber risks" symposium on 5 June 2023 aggressively brought this acute problem area into the public eye.
"The insurance industry today can provide good cover for individual risks – as long as companies invest in prevention and data security", says Martin Jara, CEO of Helvetia Switzerland. "But Switzerland currently lacks sufficient protection from major incidents with multiple victims, which can go far beyond individual attacks." The central element must be the increased resilience of the Swiss SME economy: no compulsory insurance, but sector-specific prevention so that financial compensation remains possible.
"Triad of resilience"
Alexandra Arni, Head of ICT at Swiss Banking and Vice President of the Swiss Financial Sector Cyber Security Centre (FS-CSC), explained what such an approach might look like. The cooperation of all parties involved, she said, was already based on the "triad of resilience": prevention, crisis management, damage repair.
Hans-Ulrich Bigler, Director of the Swiss Trade Association (SGV), pointed out that the most important pillar of the Swiss economy – the 600,000 or so SMEs – were at least as affected by the threat from cybercriminals as large companies and system-critical infrastructure operators. It was therefore important for SMEs to address the risks and take prevention seriously.
Raphael Reischuk, Partner and Head of Cybersecurity at Zühlke Engineering, took up the previous speaker's thread enthusiastically – stressing that for the benefit of the population, the economy and ultimately also the democratic structure of our society, cyber risks must be insurable as soon as possible. Reischuk showed how the issue can be tackled technically by means of a data-based system for the identification of cyber risks in real time, which enabled the global situation to be improved, promised incentives to reduce cyber risks and rewarded policyholders with adaptive insurance premiums.
Administration and science support broad cooperation
The need for a joint solution for the insurability of large cyber risks and the bundling of different competencies and experiences also found favour with representatives of the state and science who were present. In his remarks, Florian Schütz – head of the National Cyber Security Centre (NCSC) and Director Designate of the new Federal Office for Cyber Security – emphasized how important it is for companies to contribute to a cyber strategy in line with national values and principles. Ultimately, though, the economy was also interested in moving the topic of cyber security to the top of the agenda as a productivity factor. The NCSC was gratified that the insurability of cyber risks was increasingly coming into focus: "In the context of the national discussion on increasing cyber resilience and minimizing economic damage", he said, "the right time to have this discussion is now."
On the scientific side, the economy and state authorities can rely on the extensive expertise of specialist start-ups and national institutions such as the Swiss Federal Institute of Technology (ETH). Prof. Florian Tramèr, an expert in computer security, privacy protection and machine learning in the Department of Computer Science at ETH Zurich, highlighted how intensively science was currently dealing with the topic – and that future-oriented models were already in development with the involvement of business and the state.
The insurance industry relies on improved fundamentals and appropriate risk models
Jean-Philippe Moser, Head of the Insurance Sectors Division at the Swiss Insurance Association (SIA), and David Ribeaud, CEO Specialty Markets at Helvetia, emphasized the industry's readiness to make its contribution – for example, in efforts to achieve a solid data basis and appropriate risk models for better insurability of cyber attacks. At the same time both speakers emphasized the need for clarity, and thus the improved regulation of the framework conditions in order to be able to increase cyber resilience in the Swiss economy and society. Companies that invest in cyber security and prevention will have better prospects of arranging appropriate insurance cover.
The prospects for political acceptance are good
And how feasible is it to achieve a political majority for such solutions? According to Werner Salzmann (SVP, BE), President of the Security Policy Committee of the Council of States (SiK-S), prospects are good. After all, the SiK-S has long considered cybercrime to be one of the most urgent problems in the current security landscape. Any broad-based initiative from outside the political spectrum would be favourably considered, said the SVP politician at the cyber symposium in Bern.
Taking account of the positions presented, the SIA and its affiliated insurance companies were laying the necessary foundations in the "Cyber" working group. The findings would then be discussed with stakeholders at a follow-up symposium, and any further steps defined.
Seen in this light, it is realistically possible that Switzerland would be able to establish authentic cooperation between the most important representatives of business, science and the state – within the urgent time frame, and with the support of all parties. This would be a globally ground-breaking measure, as well as a great opportunity for Switzerland as a business location.