Cyber Insurance Coverage — What Is Covered and What Is Not?
What Does Cyber Insurance Cover — and What Does It Not?
Cyber insurance is one of the most complex insurance products on the Swiss market. Understanding the scope of coverage is crucial — before taking out a policy, not only in the event of a claim.
In Switzerland, the Federal Office for Cybersecurity (BACS) registered over 59,000 cyber incidents in 2024. Average costs per incident for SMEs are CHF 180,000 to CHF 450,000.
The Three Pillars of Cyber Insurance
- Own damages (First-Party): Direct financial losses to your own company
- Third-party damages (Third-Party / Liability): Claims from third parties harmed by a cyber incident at your company
- Assistance services: Immediate expert help in an emergency (24/7)
Own Damages (First-Party Coverage) — In Detail
In practice, own damages account for 60–75% of the total costs of a cyber incident.
1. Business Interruption
- Revenue loss during system downtime
- Additional costs for provisional solutions
- Average downtime after ransomware: 23 days
- Typical revenue loss for SMEs: CHF 5,000–50,000 per day
- Waiting period in most policies: 6–24 hours
2. IT Forensics and Incident Response
- Forensic analysis, damage containment, evidence preservation, vulnerability remediation
- Typical costs: CHF 15,000–80,000 per incident
3. Data Recovery
- Decryption or restoration, reinstallation, reconfiguration, validation
- Typical costs: CHF 20,000–150,000
4. Cyber Extortion (Ransomware)
- Negotiation costs, ransom payment (in some policies), decryption tools
- Average ransom demand in Switzerland 2024: CHF 280,000
5. Crisis Management and Communication
- PR consulting, customer communication, reputation management, internal communication
- Typical costs: CHF 10,000–60,000
6. Notification Costs
- nFADP reporting obligation to FDPIC within 72 hours
- Notification of affected persons
- Typical costs per person: CHF 8–15
Third-Party Damages (Third-Party Coverage) — In Detail
1. Data Protection Liability
- Compensation claims from persons whose data was compromised
- Defence against regulatory proceedings (FDPIC)
- Fines under nFADP: up to CHF 250,000 for responsible individuals
2. Network Security Liability
- Spread of malware via your systems, supply chain attacks, DDoS from compromised systems
3. Media and Personality Rights Liability
- Infringement of personality rights, copyright violations, defamation
4. Legal Protection (Cyber)
- Legal and court costs for cyber-related disputes
- Representation before the FDPIC
- Typical hourly rates: CHF 300–600 per hour
Assistance Services — The Often Underestimated Strength
Most Swiss cyber insurers offer a 24/7 emergency hotline with immediate access to IT forensic experts, data protection lawyers, crisis management consultants and ransomware negotiation experts.
| Insurer | Response time (first contact) | On-site forensics |
|---|---|---|
| Zurich | Within 1 hour | Within 4 hours |
| AXA | Within 2 hours | Within 8 hours |
| Mobiliar | Within 2 hours | Within 6 hours |
| Helvetia | Within 4 hours | Within 12 hours |
What Is NOT Covered? — Typical Exclusions
| Exclusion | What does it mean? | Practical relevance |
|---|---|---|
| Intentional acts | Damages caused deliberately | High |
| War / state cyber attacks | The “War Exclusion” | High — controversial since Ukraine conflict |
| Known, unpatched vulnerabilities | Patches available but not applied | Very high — most common reason for claim denial |
| Bodily injury and property damage | Physical damage to persons or objects | Medium |
| Infrastructure failure | Power, internet, telecoms outage | Medium |
| Contractual penalties | Penalty clauses from contracts with third parties | Medium |
| Inadequate basic security | Breach of agreed obligations | Very high |
| Long-term reputational damage | Long-term customer loss after incident | High |
| Fines (partially) | Insurability varies by canton | Medium |
Comparison: Basic vs. Standard vs. Comprehensive Policy
| Coverage component | Basic | Standard | Comprehensive |
|---|---|---|---|
| IT forensics / incident response | Yes | Yes | Yes |
| Data recovery | Limited | Yes | Yes |
| Business interruption | No | Yes | Yes |
| Cyber extortion / ransomware | No | Partial | Yes |
| Crisis management / PR | No | Limited | Yes |
| Notification costs | Limited | Yes | Yes |
| Data protection liability | Limited | Yes | Yes |
| Network security liability | No | Partial | Yes |
| Media liability | No | No | Yes |
| Legal protection (cyber) | No | Limited | Yes |
| Social engineering / CEO fraud | No | Optional | Yes |
| 24/7 hotline | Yes | Yes | Yes |
| Typical coverage amount | CHF 50,000–250,000 | CHF 250,000–2M | CHF 1–10M |
| Typical annual premium (SME, 25 emp.) | CHF 400–800 | CHF 1,500–3,500 | CHF 3,000–8,000 |
Obligations — Your Duties as a Policyholder
- Regular data backup: At least weekly, ideally daily, with periodic offline backups
- Up-to-date software: Security updates within 30 days
- Antivirus software: Installed and current on all endpoints
- Access protection: MFA for remote access and administrative accounts
- Employee training: At least annual awareness training
- Documented emergency plan: Incident response plan with clear responsibilities
- Reporting obligation: Report cyber incidents to the insurer immediately
Conclusion: The Scope of Coverage Determines the Value of Your Policy
- Own damages (business interruption, forensics, data recovery) account for 60–75% of costs
- Third-party damages (liability, legal costs) are becoming increasingly relevant with the nFADP
- Assistance services (24/7 hotline, immediate help) are often the most valuable component
- Exclusions can lead to claim denial in an emergency
- Obligations must be continuously maintained
Your next step: Have the coverage of your existing or planned cyber insurance reviewed free of charge by BTAG Versicherungsbroker AG. As an independent broker, BTAG knows the details of all Swiss policies and identifies coverage gaps before they become a problem.