What happened?
In 2023/2024, Xplain AG, a Swiss IT service provider for government agencies, fell victim to a ransomware attack by the “Play” group. Over 900 GB of sensitive data was stolen and published on the darknet.
Who was affected?
- Xplain AG itself
- Swiss federal authorities (Fedpol, FOCA, SEM and others)
- Cantonal authorities and police forces
- Thousands of citizens whose data was affected
How large was the damage?
- IT forensics and incident response: Estimated costs of several million CHF
- Reputational damage: Loss of trust among government clients
- Regulatory consequences: Investigations by the FDPIC
- Business interruption: Weeks of restricted operations
Would cyber insurance have helped?
Yes. A comprehensive cyber insurance policy would have covered:

| Cost item | Estimated cost | Covered? |
|---|---|---|
| IT forensics | CHF 500,000+ | Yes |
| Legal advice | CHF 300,000+ | Yes |
| Notification of affected persons | CHF 200,000+ | Yes |
| Business interruption | CHF 1,000,000+ | Yes |
| Crisis management/PR | CHF 100,000+ | Yes |
Lessons for Swiss SMEs
- Supply chain risk: An attack on a supplier can affect you indirectly.
- Data protection obligations: With the nFADP (since 1.9.2023), reporting and information obligations have become stricter.
- Insurance for the entire supply chain: Check whether your IT partners are insured.