Ransomware incidents: Guidance for companies
Ransomware attacks pose a growing and acute danger to companies, including in Switzerland. This is why the Swiss government supports the Counter Ransomware Initiative (CRI), which is aimed at combating this threat. The CRI’s membership is made up of entities from 68 different countries, industry associations and the private sector, and the organisation seeks to help companies be better prepared for potential attacks and make them more resilient to ransomware.
Ransomware attacks, in which criminals encrypt data or systems and demand ransoms, are on the rise across the globe. In 2023 alone, a record volume of ransom payments was made. In Switzerland too, ransomware remains a threat that needs to be taken seriously. According to the 2024 semi-annual report published by the Swiss National Cyber Security Centre (NCSC), 39 incidents were reported in the first half of that year. Although this is fewer than the 56 cases reported during the same period in 2023, the danger remains pervasive. We don’t have any exact figures for ransom payments in Switzerland yet.
Guidance for companies
The CRI has developed comprehensive guidance that offers companies that fall victim to ransomware attacks specific recommendations on what to do. The goal is to keep the damage to a minimum and help the company with its decision-making – particularly with regard to the question of whether to pay the ransom. The guidance highlights the risks and potential consequences of paying up, and offers alternative measures to mitigate the impact.
Clear recommendation: Don’t pay ransoms
The CRI and NCSC strongly advise against acceding to demands for ransom payments. Paying ransoms doesn’t guarantee that you’ll get your data back or that the threats will end. On the contrary, according to experts, payments encourage criminals to keep doing what they’re doing and could invite further attacks.
Cyber insurance as part of the solution
Cyber insurance can play an important role when it comes to ransomware attacks. Not only does it provide financial support in the event of a loss, but it also helps companies improve their security as a preventive measure. Even during an ongoing cyber incident, insurers will support affected customers with advice. The Swiss Insurance Association (SIA) works closely with the NCSC to raise awareness among its members and the public at large of the risks of ransomware and the preventive measures that can be taken.
Aim of the guidance
The purpose of the CRI’s guidance is to limit the impact of ransomware incidents, and in particular to reduce companies’ costs and downtimes, as well as the number of ransom payments made and their amounts if victims do decide to pay.