SVV Cyber Insurance Summit Switzerland 2024

On 11 December 2024, the first “Cyber Insurance Summit Switzerland” took place at the Zurich Kunsthaus, organised by the Swiss Insurance Association (SVV). This event highlighted the growing importance of cyber insurance in an increasingly digitalised world.

Urs Arbter, Director of the SVV, opened the event with an urgent appeal for cyber insurance. He pointed out that the Federal Office for Cyber Security (BACS) registers a cyber incident every 8.5 minutes. New technologies such as artificial intelligence and quantum computing are exacerbating the threat situation and require collective efforts to reduce risk. Everyone is increasingly exposed and reacts with mistrust to e-mails, text messages and phone calls, because professionals are at work and it is becoming more and more difficult to distinguish reputable from dubious offers.

Cybercrime as a systemic risk

Cybercrime threatens not only individuals, but also entire industries such as healthcare, energy supply and finance. The insurance community plays a central role in pooling risks and developing prevention strategies. Despite an 18.5 % increase in premiums, 92 % of Swiss companies are still not insured against cyber risks.

Implementation of the national cyber strategy

This year, the BACS emerged from the National Centre for Cybersecurity (NCSC), which was founded in 2012. Marc Henauer from the BACS explained that the Swiss Financial Sector Site Security Center (FS-CSC) association has existed since 2022 and acts on behalf of the Federal Council. Its goal is to strengthen cyber resilience in the financial sector and to promote cooperation between financial institutions and authorities. The association acts as a public-private partnership (PPP) with insurers, reinsurers, banks, asset managers, the NCSC, the State Secretariat for International Financial Matters, the Swiss National Bank and the SIA.

Strengthening cyber resilience in the financial sector

Alexandra Arni, CEO of the Swiss Financial Sector Cyber Security Center (FS-CSC), emphasised the importance of cooperation between financial institutions and the authorities. The FS-CSC now has 160 members. The FS-CSC’s mission is a PPP, and its achievements and services, as well as its organisation and lessons learned, are part of its strategy. It promotes the exchange of information and crisis management to strengthen cyber resilience. Since 2017, the Swiss financial centre has been working on an information platform and crisis coordination cell that has been operational since last year. Only by pooling resources and specialists can cyber resilience in the Swiss financial centre be strengthened.

Success factors and international comparisons

In the subsequent panel discussion, Maya Bundt, Chair of the NCS Steering Committee, emphasised the importance of insurers in risk management. Standards must be set to raise the level of security. To strengthen resilience, the insurance industry should have suitable products and be able to assess risks well. The question of international comparisons, such as the National Cyber Security Index, shows that in Switzerland there is still room for improvement in the public communication and documentation of cyber security measures.

The Swiss cyber insurance market

Gábor Jaimes, cyber insurance expert at the SVV and chairman of the FS-CSC, presented data on the cyber insurance market. According to Munich Re, the global cyber insurance market is expected to grow from 214 to 29 billion. Swiss Re shows similar forecasts, up to $19 billion in 2027. The premium volume rose by 18.5 per cent, the number of policies by 16 per cent. With an expected increase in premiums, the market in Switzerland could grow to 183-290 million by 2027. The aim is to make better use of insurance capacity and achieve greater market penetration. The SIA has defined 18 measures in four areas, including awareness-raising campaigns and cooperation with technology providers, to strengthen the market.

Role of the incident responder

A panel discussion was held on preventive approaches to increasing cyber security. Ernesto Hartmann, Defence Officer at InfoGuard, made it clear that cybercrime is a growing business model with immense potential. The target is every digitised company and every person. Last year, InfoGuard handled 260 cases; this year, by October, the number had already reached 194. Although technology is improving and attackers are increasingly being thwarted, intervention skills remain essential. The shadow economy continues to grow, and with it the need for protective measures and insurance. In conclusion, Hartmann emphasised that crisis communication and forensic investigations are part of effective risk management.

Secure data exchange in healthcare

In the healthcare sector, the handling of sensitive data is of the utmost importance. Health Info Net (HIN) ensures this security, according to Urs Fischer, Head of Business Development & Innovation at HIN. This is a private healthcare network developed by the ETH and running over the Secure Resource Network (SSHN). The network connects healthcare professionals, institutions and application providers, ensuring secure access, communication and collaboration. Key aspects are resilience, reliability, control over communication, interoperability and trust in the network. SSHN is based on Swiss technology and is available to 50,000 healthcare professionals. Urs Fischer concluded by asking whether a SSHN would not be a good idea.

PPP using the example of Pool Re (UK)

The last topic discussed the interplay between the state and the private sector using the example of the UK. Tom Clementi, CEO of Pool Re in London, is a member of the National Preparedness Commission and the OECD High Level Advisory Boards on Catastrophic Risk. Pool Re was founded in the early 1990s after a wave of Irish terrorism to address a market failure for terrorism insurance in the UK.

Today, it covers terrorism insurance, which also extends to chemical, biological, radiological, nuclear threats and cyberterrorism. An important aspect of Pool Re is the risk reduction achieved by working with government agencies and investing in national security initiatives. Clementi also emphasised the importance of such partnerships in dealing with uninsurable risks, such as systemic cyber risks, and explained that Pool Re has begun to take a close look at this issue.

The summit made it clear that the challenges of cybercrime can only be overcome through the joint efforts of insurers, authorities and companies.

thebroker

Read also: Broker Security Forum 24: Cybersecurity in the focus of the insurance industry