Zurich says introducing just five controls can reduce the risk of the most common cyberattacks by two thirds at small and medium-sized enterprises (SMEs). 

The top five controls to mitigate common cyber risks were listed as system monitoring, configuration settings, malicious code protection, baseline configuration and least functionality.  

Zurich is offering a combination of these technical controls with its cyber risk assessment and quantification services to SMEs in Switzerland and France. It plans to use these insights to enable Zurich’s cyber underwriting teams to better customise cyber coverage for SMEs.  

Zurich says the new approach quantifies risk in monetary terms, for example a $20 million exposure to ransomware can be reduced by half or more with an investment of about $10,000 to put controls in place. 

The insurer’s research identified 10 controls that cover 70% of the risks, and Zurich says it cross-checked and validated the controls against global customer assessments and claims data. 

Rounding out the 10 controls were continuous monitoring, least privilege, access enforcement, account management and software, firmware and information integrity. 

“Prevention remains the most effective protection against cyber threats. Companies must constantly assess and monitor their cyber exposures and invest in building resilience,” Zurich Resilience Solutions Principal Cyber Risk Engineer Vivien Bilquez said. 

Zurich provides specialised cyber support services for SMEs to close risk gaps, including dark web monitoring, employee training through simulation programs, and assessment and monitoring of potential supply chain threats.