Digitisation optimises processes, makes them faster and cheaper - but also increases the risk of becoming a victim of cybercrime. Cyber insurance from AXA protects your company against the financial losses a cyber attack might cause.
Attacks on Swiss companies’ digital infrastructure are rising from year to year. Small and medium-sized enterprises in particular are being increasingly targeted by cyber criminals as they have less money to spend on IT security than large corporations. However, protecting against the risks associated with digital technology is in the interest of every business that operates in the digital world, processes sensitive customer data or depends heavily on reliable access to data and IT infrastructure. Cyber insurance represents an important step in the right direction.
Cyber crime is criminal activity that makes use of information and communication technology. It can take place anywhere where people use Internet-connected information and communication technology such as computers, smartphones, and other devices, for example in companies or government offices, in the home or on the move. It is especially dangerous because the perpetrators can strike at virtually any time from anywhere in the world and can easily cover their tracks. There are lots of different kinds of cyber attack, from stealing confidential data to infecting private or corporate computers with malicious software (malware for short), for example by means of spam e-mails. Whatever their nature, cyber attacks have the potential to cause huge losses.
Despite having the latest security software installed, a small business’s entire IT infrastructure is infected with viruses. Some of its data are deleted, and some are corrupted. The operating system and applications have to be reinstalled, and the data backups have to be rolled back. The system remains down for several days, making it impossible to serve customers, so they switch to a rival firm. AXA covers the cost of data recovery as well as the loss of income arising from the interruption to normal business.
From business interruptions to theft of critical data and lasting damage to a company’s reputation, the scope of cyber risks and the damage they can cause is broad.
Financial damage: Financial consequences of hacker attacks include loss of income as a result of normal business being interrupted and high costs for recovering lost or stolen data. When these affect a company’s competitiveness or even its share price, they can quickly threaten its very existence.
Damage due to data protection violations: Anyone who stores or processes customer data is legally obligated to protect them. If data protection is compromised and sensitive data are disclosed or misused as a result of a cyber attack, the company concerned could face legal and regulatory sanctions. Companies with business relationships in other European countries must also comply with the more stringent requirements of the EU’s General Data Protection Regulation (GDPR).
Reputational damage: If a company is negligent in its handling of the theft or loss of data, this can affect the extent to which it is trusted, perhaps even to the point where it loses customers and business partners. Winning them back can be very hard work.
Cyber crime is often financially motivated, with hackers wanting to get rich from selling sensitive data or through blackmail. However, there can also be political or personal reasons for attacking a company’s IT systems.
Money: Cyber crime is a lucrative business for both individuals and criminal organizations. They can make a lot of money by stealing and selling personal data or even goods, blackmailing victims for the release of locked data or manipulating staff.
Data theft: Attacks on corporate IT are often aimed at stealing customer data. E-mail addresses as well as credit card and login details are traded on underground websites and used for identity theft in further cyber attacks, for example.
Trade secrets: Cyber criminals are also interested in intellectual property and trade secrets like strategies, plans, and recipes. Any company that is especially innovative or successful in a particular field and owns patents, copyrights or trademarks is at risk of falling victim to industrial espionage.
Personal motives: Some cyber attacks are all about power and control. A former employee might want to take revenge on your company, while others might simply enjoy the thrill of having power over their victims.
Political motives: “Hacktivists” are politically or ideologically motivated. They might attempt to disable the websites of governments, organizations or entire industries or bombard them with requests so as to make them unusable for extended periods.
The human factor: Most cyber risks entail some kind of human interaction, so human nature is the biggest target for cyber crime. Criminals use a range of social engineering tricks to turn company staff into unwitting accomplices. They might invent fictitious security problems to persuade users to enter their login details or use a fake identity to divert payment flows. This is why comprehensive protection against cyber risks must always include raising awareness among the company’s staff. They need to know the dangers involved in using the Internet and the company’s other interfaces.
E-mail: Hackers use phishing e-mails to collect confidential data from a company’s staff or infect its network with malware.
Clouds: Many small and medium-sized businesses use third-party cloud services to store their data. If these are manipulated, companies are not just sharing storage space and databases but viruses and Trojans as well.
The Web: Criminals repeatedly succeed in hacking popular, trusted websites to circulate malware or divert users to harmful sites.
Wi-Fi: Public Wi-Fi hotspots are like an open door to hackers, making it easy for them to intercept confidential information and passwords.
Every cyber attack is different, so the impact also differs. This makes it all the more important to have insurance that offers the best possible coverage for all eventualities – AXA’s cyber insurance, for example. As well as covering financial losses, we also handle compensation claims and measures that can help to prevent reputational damage – not just in connection with criminal activity like hacking or distributed denial of service (DDoS) attacks, but also when careless employees or service providers make mistakes.
If all protective measures fail and an insured event occurs, AXA covers the cost of the following:
Basic cyber insurance coverage includes all of the main cyber risks:
Depending on a company’s size and the industry it operates in, it can make sense to add further components to cyber insurance coverage for tailor-made, all-round protection. Cyber insurance can also be combined with AXA’s server housing.
Social engineering/human hacking: When fraudsters pass themselves off as suppliers or the company’s CEO and persuade staff to transfer or divert funds, this is known as social engineering or human hacking. This risk can be included in the cyber insurance coverage on request.
Manipulation of online payments: Financial losses can result directly from third parties gaining access to a company’s e-banking or online payment systems. We can cover this risk on request as part of our cyber insurance.
Phone hacking: When criminals hack companies’ phone systems in Switzerland to commit fraud under their name, they often cause significant financial losses. This risk can be covered by cyber insurance on request.
AXA offers a prevention service in addition to cyber insurance. A series of light-hearted tutorials teaches your staff about cyber threats and how to guard against them. You also receive regular security reports based on automated scans of your IT infrastructure.
As a rule of thumb, the more digitally networked your business is, the greater your need for cyber insurance will be. Even businesses that don’t need computers or IT infrastructure for their main activity often rely on digital services – be it for online banking, Internet telephony, managing appointments or using social media for marketing. Any of these are at risk from cyber attacks.