Cyber Insurance for SMEs — Why 90% of Swiss Companies Are Uninsured
Cyber Insurance for SMEs in Switzerland — A Dangerous Omission
Switzerland is an SME country: Over 600,000 small and medium-sized enterprises form the backbone of the economy. Yet only an estimated 10% of Swiss SMEs have cyber insurance — despite the ever-increasing threat landscape.
In 2024, the Federal Office for Cybersecurity (BACS) registered over 59,000 cybercrime reports. According to the Mobiliar and ETH Zurich (2024) study, 36% of all Swiss SMEs have already been attacked at least once.
Why Are SMEs the Preferred Target of Cybercriminals?
1. Lower IT Security Than Large Enterprises
- 65% of Swiss SMEs have no dedicated IT security officer
- 42% do not use MFA for remote access
- 38% do not perform regular offline backups
- 71% have no documented incident response plan
2. Valuable Data — Without Adequate Protection
| Data type | Black market value per record |
|---|---|
| Credit card data | CHF 12–60 |
| ID/passport scans | CHF 15–80 |
| E-banking login credentials | CHF 50–200 |
| Health data | CHF 80–400 |
| Corporate VPN credentials | CHF 200–2,000 |
3. SMEs as Gateway to the Supply Chain
Attackers increasingly use SMEs as a stepping stone to larger companies. The Xplain incident in 2023 dramatically demonstrated this risk.
4. Underestimated Risk
Many SME owners think: “We’re too small to be attacked.” This assumption is dangerously wrong. Modern cyber attacks often work automatically and broadly — ransomware campaigns scan the entire internet for vulnerable systems regardless of company size.
Typical Damage Scenarios for Swiss SMEs
Scenario 1: Ransomware at a Trades Business (12 employees)
Total damage: CHF 86,000 — existentially threatening for an SME with CHF 150,000 annual profit.
Scenario 2: Data Leak at a Fiduciary (6 employees)
Total damage: CHF 107,000 — plus 15% loss of clients.
Scenario 3: CEO Fraud at a Manufacturing Business (45 employees)
Total damage: CHF 180,000 — a cyber insurance with social engineering coverage would have covered the bulk of this.
What Does Cyber Insurance Cost for SMEs?
| SME size | Employees | Annual premium | Typical coverage |
|---|---|---|---|
| Micro-SME | 1–10 | CHF 400–2,000 | CHF 100,000–500,000 |
| Small SME | 11–50 | CHF 600–5,000 | CHF 250,000–2M |
| Medium SME | 51–250 | CHF 2,000–10,000 | CHF 1–5M |
Insurance Cost vs. Attack Cost
| Comparison | Cyber insurance (annual) | Average cyber attack |
|---|---|---|
| Micro-SME (5 emp.) | CHF 600 | CHF 75,000 |
| Small SME (25 emp.) | CHF 2,000 | CHF 180,000 |
| Medium SME (100 emp.) | CHF 5,000 | CHF 450,000 |
The ratio averages 1:90 — for every franc invested in premiums, a potential damage of CHF 90 is covered.
Minimum Requirements from Insurers
| Requirement | Description | SME Implementation |
|---|---|---|
| MFA | For all remote access and admin accounts | Enable in Microsoft 365 / Google Workspace |
| Regular backup | At least daily, ideally offline | Cloud backup + weekly offline backup |
| Antivirus | On all endpoints, centrally managed | Managed endpoint protection (from CHF 5/device/month) |
| Patch management | Security updates within 30 days | Enable automatic updates |
| Firewall | Network protected by firewall | Hardware or managed firewall |
| Employee training | Annual awareness training | Online training platforms (from CHF 15/person/year) |
| Incident response plan | Documented procedure for cyber incidents | Create template, define responsibilities |
Step-by-Step to Cyber Insurance for Your SME
- IT security assessment — overview of your current security posture
- Determine coverage needs — rule of thumb: at least 3x monthly revenue, minimum CHF 250,000
- Implement minimum requirements before requesting quotes
- Obtain multiple quotes — at least 3–5 offers, compare coverage not just price
- Take out policy and document your IT security status
- Review annually — your IT infrastructure and the threat landscape change constantly
Common Objections from SMEs — And Why They Don’t Hold Up
- “We’re too small to be attacked.” — Automated attacks don’t discriminate by company size.
- “Our IT is secure enough.” — Even large companies with million-franc budgets get hacked.
- “It’s too expensive.” — From CHF 400/year, cyber insurance often costs less than half of business liability insurance.
- “Our IT company takes care of it.” — An IT provider handles prevention but cannot eliminate residual risk.
- “We have backups.” — Modern ransomware specifically targets and encrypts backups.
Conclusion: Cyber Insurance Is Not Optional for SMEs — It’s Essential
- 36% of Swiss SMEs have already been attacked
- 60% of severely affected SMEs go bankrupt within 24 months
- 90% of SMEs are not insured against cyber risks
- A policy costs from CHF 400 per year — a fraction of the potential damage
Your next step: Have your current situation analysed free of charge by BTAG Versicherungsbroker AG. As an independent insurance broker in Bern, BTAG compares all Swiss cyber insurers and finds the policy that fits your SME. Request a free consultation now