
Cyberattack: Who pays for what? What cyber insurance policies in French-speaking Switzerland (really) cover: ransom, interruption, restoration, expert assessment, legal matters



Introduction


Cyberattacks are no longer an abstract threat: according to insurers operating in Switzerland, thousands of incidents are reported every year, and SMEs are among the most frequent targets. For a manager or financial officer, the issue is not just technical: it's a matter of financial survival and governance. After an attack, how much will the company have to pay out of pocket, and what amounts or services can a cyber insurer actually cover? This article clarifies, in practical terms, what cyber insurance in Switzerland covers: ransomware, business interruption, system restoration, technical expertise, and legal fees. By the end, you'll know what decisions to make with your broker to manage this risk.


What is cyber insurance? (basic framework)


Cyber insurance is a contract designed to transfer some of the financial risk associated with digital incidents. It acts as a financial safety net when systems are compromised, data is stolen, or third parties seek compensation.


This type of insurance differs from traditional coverage (fire, professional liability): it covers intangible losses related to the use of information systems and the resulting liability.


In Switzerland, the product is not yet mandatory, but many large multi-risk policies now include specific cyber modules; it is also developing as a standalone contract for SMEs.


1. Ransom and cyber-extortion: who pays what?


Cyber-extortion (ransomware): operational definition


Ransomware is malicious software that encrypts a company's data and demands a ransom to restore access.


Cyber insurance can cover costs related to extortion, sometimes including the ransom itself or the costs of negotiating with the attackers. This type of coverage is generally optional and subject to strict terms and conditions, including:

• Prerequisites for any payment: use of negotiation specialists approved by the insurer.

• Contractual limitations or exclusions related to certain forms of attack or to illegal acts.


A well-structured insurer will often include cyber-negotiation experts in its offering, but direct payment of the ransom remains a strategic decision that must be managed with the broker.


What insurance typically covers


According to market standards, a cyber insurance policy often includes:

• Costs of investigating and responding to the attack, including computer forensics.

• Costs of negotiating with attackers and possible conditional payment.

• Crisis management services to limit the impact of extortion.


What it does not necessarily cover: criminal penalties, fines for unreported illegal activity, and undocumented loss of income.


2. Business interruption (loss of earnings)


Why this coverage is strategic


A cyberattack can paralyze critical systems, making billing, production, or even file access impossible. This business interruption often results in a drop in revenue while fixed costs continue to accrue.


A well-structured cyber insurance policy includes compensation for business interruption losses specifically related to a cyber incident. This differs from a traditional business interruption loss (e.g., physical damage): here, the origin is intangible, but the financial impact is real.


What the insurer typically covers

• Compensation for documented lost revenue during the period when the business is affected.

• Coverage of additional costs to maintain operations (overtime, alternative solutions).

• Compensation for fixed costs (salaries, rents) which continue to accrue despite the shutdown.


This type of coverage is often based on a historical baseline of results provided by the company (turnover, margins, etc.), hence the importance of properly documenting your figures before a claim.


3. Data and System Restoration


Data and systems: critical assets


When a system is compromised, the first operational question is: “How do we restore our data, servers and applications?” This step is often costly, especially if the SME does not have an internal IT team.


Cyber insurance typically covers:

• The costs of recovering data from backups or specialized services.

• System restoration costs (intervention by technical experts).

• Fees for independent consultants if necessary for the reconstruction of the infrastructure.


What to document


Box – What to document for restoration

• Backup log and incident logs.

• Contracts and SLAs with IT service providers.

• Evidence of data loss and actual costs incurred.

• Quotes and invoices from external service providers.


4. Expertise, forensics and legal costs


Technical expertise


Cyber insurers often finance forensic analyses (IT expertise to understand how the attack occurred). This work is essential for managing risk and meeting legal notification requirements.


Legal assistance and defense


After an incident, the company may be exposed to:

• Complaints from customers or partners if data concerning them has been leaked.

• Legal notification obligations under the new Swiss Data Protection Act (nLPD) or under sectoral rules.

• Needs for legal defense, specialized lawyers or representation before authorities.


Cyber insurance can cover:

• Lawyers' and defense fees.

• Representation costs before administrative or civil bodies.

• The costs of compliance and of monitoring proceedings.


5. Civil liability and third parties


A cyberattack can lead to liability towards third parties: customers, partners, suppliers. Cyber liability insurance covers:

• Compensation owed to third parties for losses related to a data breach.

• The costs of defending against these claims.

• Sometimes, contractual penalties if provided for by commitments binding the company to third parties.


Guidelines and checklist for SMEs


Coverage category: What it covers; Documents/indicators

Extortion/ransom: Payment, negotiation, advice; Contract, limits

Operating loss: Lost revenue, fixed costs; Historical sales figures, margins

IT restoration: Data + systems; Backups, logs, quotes

Legal matters: Lawyers, notifications; Contracts, correspondence

Civil liability: Compensation of third parties; Customer/supplier contracts


Common mistakes and how to avoid them


1. Confusing cyber insurance and professional liability insurance


Liability insurance does not automatically cover purely digital risks. An explicit cyber insurance module is required.


2. Underestimating thresholds and exclusions


Many policies have limits per claim, high deductibles, or exclusions (intentional acts, known negligence). Read the General Terms and Conditions of Insurance (GTC) with your broker.


3. Failure to document before a disaster


Coverage such as business interruption or data restoration requires documented elements established before an incident (turnover figures, backup plans, service providers).


4. Neglecting integration with internal governance


Cyber insurance does not replace an internal cybersecurity policy: it must be integrated into a plan for preventing and managing disruptions.


Questions to ask your insurer/broker

1. What are the limits and deductibles per type of risk (ransom, business interruption, legal)?

2. What exactly does cyber-extortion cover? Is direct payment included?

3. How is the operating loss calculated? On what historical basis?

4. What security prerequisites are required for the coverage to be valid?

5. Does the insurance cover the notification obligations under the Swiss Data Protection Act?

6. Are computer forensic fees included without a separate limit?

7. What is the third-party liability coverage?

8. Is dedicated legal assistance included?

9. What are the main exclusions, particularly regarding intentional acts or gross negligence?

10. How does the claims process work and is it possible to have a single point of contact?


Conclusion


For an SME in French-speaking Switzerland, cyber insurance is more than just a marketing gimmick: it is a governance tool for managing, documenting, and monitoring cyber risk. Knowing "who pays for what" requires understanding the coverage categories, the necessary documentation, and the quantifiable decisions to be made with your broker. Integrating this coverage into your risk management plan helps you transform a potential crisis into a controlled response.


Next step: conduct a portfolio audit focused on your digital risks, then hold a structured workshop with your broker to address the identified gaps.
