What happened?
On 7 May 2023, ABB, the Swiss technology and automation group, was hit by a large-scale ransomware attack. The Black Basta group — one of the most dangerous ransomware gangs worldwide — gained access to internal IT systems and encrypted critical data and production systems.
The attack likely began through compromised VPN credentials of an employee. The attackers moved through the network undetected for several weeks (lateral movement), mapped the infrastructure and exfiltrated confidential data before triggering the encryption.
ABB had to react immediately: numerous systems were taken offline, VPN connections to customers were severed and internal communication channels were restricted. Production at multiple sites worldwide came to a standstill.
Who was affected?
ABB employs over 105,000 people in more than 100 countries. The attack affected:
- Production sites in Switzerland, Sweden, the USA and other countries
- Customer companies connected to ABB via VPN that had to be proactively disconnected
- Employees whose personal data was potentially compromised
- Shareholders and investors, as the incident weighed on the share price
- Suppliers and partners whose orders were delayed
ABB supplies critical infrastructure — including energy providers, water utilities and transport companies. A successful attack on ABB systems could theoretically impact the supply security of entire regions.
How large was the damage?
ABB did not disclose the exact financial damage. Industry experts estimate it at several hundred million US dollars, broken down as follows:
| Cost item | Estimated cost | Covered by cyber insurance? |
|---|---|---|
| Incident Response & Forensics | CHF 5–10m | Yes – core service of any policy |
| Business interruption (production) | CHF 100–200m | Yes – up to coverage limit |
| System restoration & IT rebuild | CHF 20–40m | Yes – typically covered |
| Ransom demand | CHF 10–30m | Partially – depends on policy and jurisdiction |
| Legal advice & data protection | CHF 5–15m | Yes – legal protection component |
| Notification of affected persons | CHF 2–5m | Yes – regulatory obligation |
| Crisis communication & PR | CHF 1–3m | Yes – frequently included |
| Reputational damage (long-term) | CHF 50–100m | No – not quantifiable |
| Customer loss & penalties | CHF 20–50m | Partially – liability component |
| Estimated total damage | CHF 200–450m | ~40–60% potentially covered |
Even with a generous coverage limit of CHF 100m, cyber insurance would have covered only a fraction of the total damage. For SMEs, where damage typically ranges from CHF 100,000 to CHF 5m, cyber insurance can be crucial to survival.
Lessons for Swiss SMEs
-
Ransomware hits all industries: Black Basta deliberately targets industrial companies. Swiss SMEs in mechanical engineering, supply chains and manufacturing are particularly at risk.
-
VPN access is a primary entry point: The attack occurred through compromised credentials. Multi-factor authentication (MFA) for all remote access is essential.
-
Lateral movement takes weeks: The attackers were active in the network for weeks. Network segmentation and effective monitoring could have prevented the spread.
-
Supply chain risk: As an ABB customer, your company would have been indirectly affected. Cyber insurance also covers third-party damages from supplier outages.
-
Incident costs far exceed the premium: Cyber insurance for an SME typically costs CHF 2,000–10,000 per year. The average damage from a ransomware attack on a Swiss SME is CHF 250,000–500,000.
-
Preparation is key: An incident response plan, regular backups and trained employees massively reduce the damage — and simultaneously lower the insurance premium.
Get a free consultation. The experts at BTAG Versicherungsbroker AG in Bern analyse your individual risk profile and find the right cyber insurance for your company — independent and transparent.