17 March 2015. Although risks such as hacker attacks and data theft are regarded as dangers, according to the survey, protective measures are largely considered to be inadequate.The survey is part of a new study of the Institute of Insurance Economics (I.VW-HSG) of the University of St.Gallen which examined the risk management and insurability of cyber risks. It was conducted on behalf of the Swiss company Kessler & Co.

The study makes use of many examples to demonstrate that cyber risks are not unlikely events but are part and parcel of everyday corporate life. Thus more than 90 per cent of all companies were affected by hacker attacks in the past year, with banks being the target of cyber attacks more frequently than other companies. Also, big corporations are more often attacked than small companies.

However, the study also points to the special risk situation of SMEs since these are often inadequately protected. A survey among SMEs reveals a very patchy picture of how they treat cyber risks. Their behaviour in this respect depends very strongly on the industry and on whether sensitive customer data are involved. In this connection, pension schemes and healthcare providers are mentioned as examples.

Prevention and insurance

In the context of the study, interviews were also conducted with four insurers which offer policies for the coverage of cyber risks. The interviewed insurers confirmed that the management of cyber risks in companies was still very underdeveloped and required considerable improvement. They regarded a combination of prevention (such as firewall, anti-virus software, etc.) and insurance as the most effective form of cyber risk management.

The demand for and supply of cyber-risk insurance solutions are still very low in the German-speaking area. The volume of the cyber insurance market in Switzerland is estimated to be a mere five million Swiss francs. The insurers assume, however, that the cyber insurance market will increase to a significant extent in the next few years. They are expecting a tenfold increase within the next five years.

Regional failure possible

A further aspect that is analysed in the study is the danger of a total collapse of the internet. This would have far-reaching economic consequences. However, the authors of the study came to the conclusion that owing to the decentralised structure of the internet, this was somewhat unlikely.

What was conceivable, though, were regionally limited, temporary internet failures, which have already happened several times. Thus in March 2013, almost the entire African continent was separated from the internet for a few hours because of damaged submarine cables. Last December, North Korea was detached from the internet for a whole night – it is suspected that this was caused by a hacker attack. Effective cyber crisis management is also of enormous importance to companies for protection against such scenarios. 

Bild: Fotolia.com / igor