Media releaseZurichJuly 20, 2023

The 10 cyber controls that will help SME thwart 70% of cyberattacks

Zurich Insurance Group (Zurich) and researchers at one of the world's leading universities ETH Zurich have identified 10 controls that can reduce the risk of becoming a victim of the most common cyberattacks by up to 70%. In a joint study, they analyzed how small and medium-sized enterprises (SMEs) can identify areas that need attention and quickly implement solutions to keep digital intruders at bay.

The acceleration of the digital transformation, including emerging technologies, the move to cloud services and remote working, have created new vulnerabilities that can be exploited by cyber criminals using increasingly sophisticated techniques. In 2022, global cyberattacks increased by 38% compared with the 2021 (Check Point Research) and the average data breach cost was USD 4.35 million (IBM Cost of a Data Breach Report 2022).

For SMEs, managing the complexity of cyber risks can be a challenge due to a lack of resources or know-how. To address this issue, Zurich collaborated with ETH Zurich researchers to determine the most effective cyber controls for SMEs. The research identified five controls that together help mitigate 66% of the most common cyber risks, and 10 controls that cover 70% of the risks.

Zurich cross-checked and validated the controls identified in the study against information gathered from its SME customer questionnaire and benchmarking data from global customer assessments and claims.


10 controls mitigating 70% of the most common SME cyber risks
1. System monitoring 6. Continuous monitoring
2. Configuration settings 7. Least privilege
3. Malicious code protection 8. Access enforcement
4. Baseline configuration 9. Account management
5. Least functionality 10. Software, firmware and information integrity

When these technical controls are combined with Zurich's cyber risk assessment and quantification services, SMEs are then able to quantify their cyber exposure, prioritize actions and determine the budget required. Once implemented, Zurich’s cyber resilience experts can help validate the effectiveness of the controls through cyber penetration testing services.

Zurich will initially make this solution available to SMEs in Switzerland and France. It also plans to use these insights to enable Zurich’s cyber underwriting teams to better customize cyber coverage for SMEs.

Vivien Bilquez, Principal Cyber Risk Engineer at Zurich Resilience Solutions, said: “Prevention remains the most effective protection against cyber threats. Companies must constantly assess and monitor their cyber exposures and invest in building resilience. With this new approach, we can quantify cyber security risk in monetary terms, which enables management to make better informed decisions. For example, a USD 20 million exposure to ransomware can be reduced by 50% or more with an investment of about USD 10,000 to put controls in place.”

Cyber security starts with strong governance and robust risk awareness. In addition to the new solution, Zurich also provides specialized cyber support services for SMEs to close risk gaps. This includes dark web monitoring, employee training through immersive simulation programs, and assessment and monitoring of potential threats coming from businesses’ supply chains.

Contacts

  • Media Relations
    Zurich Insurance Group
    Mythenquai 2
    8002 Zurich
    Switzerland
    +41 44 625 21 00

Zurich Insurance Group (Zurich) is a leading multi-line insurer serving people and businesses in more than 200 countries and territories. Founded 150 years ago, Zurich is transforming insurance. In addition to providing insurance protection, Zurich is increasingly offering prevention services such as those that promote wellbeing and enhance climate resilience.

Reflecting its purpose to ‘create a brighter future together,’ Zurich aspires to be one of the most responsible and impactful businesses in the world. It is targeting net-zero emissions by 2050 and has the highest-possible ESG rating from MSCI. In 2020, Zurich launched the Zurich Forest project to support reforestation and biodiversity restoration in Brazil.

The Group has about 60,000 employees and is headquartered in Zurich, Switzerland. Zurich Insurance Group Ltd (ZURN), is listed on the SIX Swiss Exchange and has a level I American Depositary Receipt (ZURVY) program, which is traded over-the-counter on OTCQX. Further information is available at www.zurich.com.