Frequently Asked Questions About Cyber Insurance

Cyber insurance protects businesses from the financial consequences of cyberattacks, data loss, and IT outages. It covers first-party losses (e.g. business interruption, data recovery), third-party damages (liability towards customers), and crisis management costs. Learn more

Yes — 90% of Swiss SMEs are uninsured, despite the constantly growing threat landscape. Standard business liability insurance typically does not cover cyber damages. You can protect your business starting from just CHF 40 per year. Calculate costs

Core coverage includes: business interruption, IT forensics, data recovery, liability for data loss, ransom payments, crisis management, and legal advice. Depending on the provider, cyber fraud (CEO fraud) and reputational damage may also be covered. Compare insurers

Business liability insurance covers personal injury and property damage but usually explicitly excludes cyber risks. Cyber insurance is specifically designed for digital risks — it covers data loss, IT outages, extortion, and liability for data protection breaches.

Costs vary significantly: A micro-business (1–5 employees) pays CHF 200–800/year, an SME with 50 employees CHF 2,000–8,000/year. The premium depends on industry, revenue, coverage amount, and IT security measures. Calculate premium

The most important factors are: industry (risk profile), company size (employees and revenue), desired coverage amount, deductible level, and existing IT security measures. MFA, regular backups, and employee training can reduce the premium by up to 30%.

Yes! IT security measures directly impact the premium: Multi-factor authentication (-5 to -10%), regular backups (-5 to -8%), employee training (-3 to -5%), ISO 27001 certification (-10 to -15%). Use our premium calculator for an individual estimate.

The most common threats are ransomware (encryption trojans), phishing, DDoS attacks, CEO fraud/social engineering, data leaks, and supply chain attacks. In 2024, the NCSC recorded over 63,000 cyber incidents in Switzerland. View threat landscape

Ransomware encrypts your data and demands a ransom for decryption. Protection includes: regular offline backups, employee training against phishing, network segmentation, and multi-factor authentication. Cyber insurance covers the costs in the event of a claim.

The NCSC registered over 63,000 cyber incidents in 2024 — the actual number is significantly higher. According to studies, one in three Swiss SMEs has already been affected by a cyberattack at least once.

The most frequently attacked are: healthcare (1,336 attacks/week), e-commerce (1,440/week), financial services (1,000+/week), and public administration. Industries with sensitive data are particularly at risk. View industry risks

Absolutely. Medical practices process highly sensitive patient data that is particularly valuable on the dark web. A data breach can result in fines, liability claims, and reporting obligations. Typical damage: CHF 500,000–5,000,000. Healthcare risks

Very high. Law firms manage their clients' most sensitive assets — a data breach can violate attorney-client privilege and lead to professional sanctions. Typical damages range between CHF 200,000 and 2,000,000. Cyber insurance is essential. Law firm risks

Leading Swiss cyber insurers include: Zurich, AXA, Helvetia, Baloise, Mobiliar, Allianz Suisse, Generali, and Swiss Re Corporate Solutions. The coverage differs considerably between providers. Compare insurers

Pay attention to: coverage amount (at least CHF 1 million for SMEs), included services (forensics, crisis management), 24/7 emergency hotline, sublimits for ransomware and business interruption, deductible, and exclusions. Our comparison helps with the decision.

Since 2025, operators of critical infrastructure must report cyberattacks to the NCSC within 24 hours. Under the nDSG (new Data Protection Act), data protection breaches must be reported to the FDPIC if there is a high risk to affected individuals. Reporting details

Violations of the reporting obligation can be punished with fines of up to CHF 100,000 (nDSG). For critical infrastructure, additional regulatory consequences may apply. Cyber insurance supports you with correct and timely reporting.

Immediate measures: 1) Isolate affected systems, 2) Contact an IT forensics team (often through your cyber insurance), 3) Document the incident, 4) Notify authorities (NCSC, police), 5) Inform affected individuals. Do not: pay ransom without consulting experts or delete evidence.

Most Swiss cyber insurers cover ransom payments — but only as a last resort and after consultation with specialised negotiators. Some insurers exclude ransom payments entirely. Check your policy for sublimits and conditions.

For small businesses, standard policies with CHF 250,000–500,000 coverage are recommended. The premium typically ranges from CHF 200–800 per year. Important: even small businesses are targets of ransomware and phishing. Calculate premium

For SMEs, CHF 2,500–5,000 is typical. A higher deductible lowers the premium but increases your financial risk in the event of a claim. Choose an amount your business can comfortably bear on its own.

The revised nDSG has been in effect since September 2023. It requires adequate technical and organisational measures for data protection, a reporting obligation for data breaches to the FDPIC, and strengthens the rights of affected individuals. Fines of up to CHF 250,000 for responsible persons.

Yes — most policies cover legal advice, notification costs, regulatory proceedings, and fines (where insurable). The 24/7 hotline for timely reporting to the FDPIC is particularly valuable.

Cyberversicherung.ch is an independent information platform in partnership with BTAG Versicherungsbroker AG in Bern. BTAG is a FINMA-registered, independent insurance broker with over 35 years of experience. Get in touch. Contact us

Yes — the initial consultation with BTAG is free and non-binding. As an independent broker, BTAG compares offers from all relevant Swiss cyber insurers and finds the right solution for your business.