What happened?
In February 2024, Swisscom — Switzerland’s largest telecommunications provider — was targeted by a massive DDoS attack. The attackers flooded Swisscom servers with an enormous volume of requests, rendering various services unreachable for hours.
The consequences were far-reaching: besides Swisscom’s own services, the mobile payment service Twint was also affected. Millions of Swiss residents were temporarily unable to make mobile payments.
The attack was repelled within a few hours, but the cascade effects lasted considerably longer and affected a wide range of businesses and private individuals.
Who was affected?
- Swisscom customers: Millions of private and business customers with restricted connectivity
- Twint users: Over 5 million active users unable to make payments
- Retailers and restaurants whose customers could no longer pay with Twint at checkout
- Online shops offering Twint as a payment method and experiencing abandoned purchases
- Companies hosting their IT infrastructure with Swisscom
- Logistics and delivery services whose communications ran via Swisscom
Small retailers and restaurants that increasingly rely on cashless payments via Twint and had no fallback were particularly hard hit.
How large was the damage?
The aggregate damage across all affected parties is estimated at CHF 5–20m. For individual SMEs:
| Cost item | Estimated cost (per SME) | Covered? |
|---|---|---|
| Revenue loss from payment outage | CHF 1,000–20,000 | Partially |
| Emergency IT measures | CHF 500–5,000 | Yes |
| Business interruption (hosted services) | CHF 2,000–50,000 | Yes |
| Estimated damage per SME | CHF 5,000–120,000 | ~40–60% potentially covered |
The critical question with DDoS attacks on third-party providers is whether your own cyber insurance also covers damages from outages at IT providers and infrastructure operators. Modern policies contain this “Contingent Business Interruption” clause — older ones often do not.
Lessons for Swiss SMEs
-
DDoS is not just a large-corporation problem. SMEs are also directly attacked with DDoS. An online shop that goes down for a few hours can lose thousands of francs in revenue.
-
Cascade effects hit everyone — even if your company is not directly attacked. A cyber insurance policy with “Contingent Business Interruption” coverage protects against these third-party risks.
-
Cashless dependency: The increasing reliance on digital payment systems like Twint makes businesses vulnerable. Always maintain a backup payment method.
-
Redundancy as strategy: Companies relying on a single provider carry a concentration risk. Two independent internet connections can massively reduce the impact of a DDoS attack.
-
DDoS as diversionary tactic: In some cases, attackers use DDoS attacks as a distraction while simultaneously stealing data or installing ransomware.
-
Check your policy carefully: Not every cyber insurance policy covers DDoS damage equally. Watch for: DDoS-specific sub-limits, waiting periods and the distinction between a direct DDoS attack on you versus an outage at your provider.
Get a free consultation. The experts at BTAG Versicherungsbroker AG in Bern check your existing policy for DDoS coverage gaps and find the optimal solution for your business model.