Zurich Lists 10 Cyber Controls that will Help SMEs Thwart 70% of Cyberattacks

Zurich Insurance Group (Zurich) and researchers at ETH Zurich, one of the world's leading universities, have identified 10 controls that can reduce the risk of becoming a victim of the most common cyberattacks by up to 70%.

In a joint study, they analysed how small and medium-sized enterprises (SMEs) can identify areas that need attention and quickly implement solutions to keep digital intruders at bay.

The acceleration of the digital transformation, including emerging technologies, the move to cloud services and remote working, has created new vulnerabilities that can be exploited by cyber criminals using increasingly sophisticated techniques. In 2022, global cyberattacks increased by 38% compared with 2021 (Check Point Research) and the average data breach cost was USD 4.35 million (IBM Cost of a Data Breach Report 2022).

For SMEs, managing the complexity of cyber risks can be a challenge due to a lack of resources or know-how. To address this issue, Zurich collaborated with ETH Zurich researchers to determine the most effective cyber controls for SMEs. The research identified five controls that together help mitigate 66% of the most common cyber risks, and 10 controls that cover 70% of the risks.

Zurich cross-checked and validated the controls identified in the study against information gathered from its SME customer questionnaire and benchmarking data from global customer assessments and claims.

10 controls mitigating 70% of the most common SME cyber risks
1. System monitoring
2. Configuration settings
3. Malicious code protection
4. Baseline configuration
5. Least functionality
6. Continuous monitoring
7. Least privilege
8. Access enforcement
9. Account management
10. Software, firmware and information integrity

When these technical controls are combined with Zurich’s cyber risk assessment and quantification services, SMEs are then able to quantify their cyber exposure, prioritize actions and determine the budget required. Once implemented, Zurich’s cyber resilience experts can help validate the effectiveness of the controls through cyber penetration testing services.

Zurich will initially make this solution available to SMEs in Switzerland and France. It also plans to use these insights to enable Zurich’s cyber underwriting teams to better customize cyber coverage for SMEs.

Vivien Bilquez, Principal Cyber Risk Engineer at Zurich Resilience Solutions, said: “Prevention remains the most effective protection against cyber threats. Companies must constantly assess and monitor their cyber exposures and invest in building resilience. With this new approach, we can quantify cyber security risk in monetary terms, which enables management to make better informed decisions. For example, a USD 20 million exposure to ransomware can be reduced by 50% or more with an investment of about USD 10,000 to put controls in place.”

Cyber security starts with strong governance and robust risk awareness. In addition to the new solution, Zurich also provides specialized cyber support services for SMEs to close risk gaps. This includes dark web monitoring, employee training through immersive simulation programs, and assessment and monitoring of potential threats coming from businesses’ supply chains.

Source: Zurich
