Following – and even enhancing – European Union’s GDPR framework, Switzerland adapted and buffed up its Federal Law on Data Protection.
In most of the European countries, compliance to the GDPR is seen with worry by companies which handle personal data, as the fines in case of data breach will be up to 4% of their yearly incomes. But for the private citizen, GDPR looks like an “after-crash” parachute in case of violation of his/her privacy with, depending of the countries, some ways to receive indemnities from the guilty company or to sue it in courts.
On the contrary, Switzerland – besides adopting the same sanctions and fines for breached data holders – proposed a proactive system to all the inhabitants of
the country desiring to anticipate and buff up the protection of their data, through public-private partnerships such as the Swiss Internet Security Alliance.
As a consequence, a whole range of free-of-charge services to citizens has been set up (free hotlines in case of phishing, identity theft, encryption viruses etc.), yet the most visible and interesting effect of this 6-months (r) evolution has been the birth of innumerable cheap and well-thought out “individual/family internet protection” contracts proposed as an additional service by all kind of Swiss Insurance Companies.
A person with Swiss residence can now add to their Civil Responsibility, Car, Home or Health insurance the “Internet Protection” extension, with yearly fees starting as low as 4 CHF (3.2 EUR) and rising to a maximum of 100 CHF (85 EUR) per year according to the coverage the customer desires.
The whole Swiss system is based on an individual compulsory and free-of-charge inscription on the website IDprotect.ch, a service created by I-surance.ch and financed by the insurances fees.
There, each individual – and not his insurance – chooses which data he desires to be protected – personal / intimate pictures, texts, passport/ID card numbers, Credit/Debit card numbers and so on.
The role of IDprotect.ch, placed under very strict Federal rules on data confidentiality, is to scan 24/365 the deep web to see if those data are to be found, meaning that they have been compromised. The customer is then immediately called and advised on the procedures to follow and attitude to adopt.
As on the net everything is about time, the team at IDprotect will immediately start to deal with the most urgent technical and juridical aspects (fraud, identity theft, client’s assistant to data recovery in case of crypto-ransomware, direct medical assistance in case of a child or teen in the family is victim of grooming/bullying, a.s.o.).
An amazing element, if we take the mid-level and top-level contracts is that for less than a hundred Euros a year an individual is insured as follows:
- World coverage
- Help in eliminating all private data leaked
- Up to 5000 CHF directly paid to replace the damaged device(s)
- Up to 1000 CHF for undelivered online purchased goods (min. 200 CHF value)
- Up to one million CHF (850’000 EUR) for lawyer’s costs – free choice of the lawyer –, court costs, forensics costs*
- Indemnity for direct financial losses (for private professionals) and reputation los
- Health expenses unlimited coverage in case of psychological consequences for 5 years
- 300’000 CHF in case of partial invalidity caused by an attack (blackmailing, etc.)
- 150’000 CHF to the family in case of death (suicide)
* The list of cases covered is impressive:
- Abusive use of identity
- Abusive use of bank / credit card credentials
- Victim of phishing
- Victim of hacking
- Victim of blackmailing or threatening to the individual or his family
- Victim of sexting, grooming, bullying
- Health expenses unlimited coverage in case of psychological consequences for 5 years
- Victim of stolen virtual property: intellectual property, author’s rights, trade marks and names registered individually, stealth or unauthorized use of private images or confidential texts, a.s.o.
The most important aspect of the new insurance services proposed in Switzerland is the forecasted ability for individuals to obtain (at their choice) a full protection to fit the possible extent of damages and a constant challenge service (except in the USA or some advanced Asian countries) for Company Insurances.
As an example, a “cyber security” insurance for a company in France or Italy, is still based on the gross incomes of the contract buyer, is generally very expensive, and covers a maximum of some millions in case of damage, which is far below the real financial consequences of the most recent global attacks. The reason of this “half-blind” system is that neither the insurance companies nor the companies buying insurance have strict and uniform standards to evaluate the resilience of the infrastructures, the employees’ capacities in security basic knowledge and the effectiveness of the CISO/CSO department.
The lack of awareness of the majority of the companies’ boards forms the base of the compulsory under-evaluation extent of the damages. Security being immature as a whole, national insurances cannot reward companies which do perfectly comply to all NIST / GDPR frameworks with fair yearly fees and very high refunds in case of attack, pushing several sectors (banking, finance, critical infrastructures) to contract, where possible, an overseas insurance company.
Why is this new-born service predicted to have such a shiny future?
There are many simple reasons creating the ecosystem where insurance can engage at a fair price and high refunds without risk, and all of them are met in the 26-Cantons country.
1 Swiss citizens are often mocked as being “overinsured”, which is partially true yet has to be seen, not as a fear but as a knowledge of the costs in case of problems. Civil responsibility protection, healthcare insurance, car insurance, home insurance and many more are compulsory and privately-handled. Among them, the only public one, healthcare, became private
– under State supervision for fixing the annual raising of fees, (after a popular referendum held in 1996). Statemanaged insurance programmes are only the loss of job insurance and the invalidity insurance as well as a small pension fund, to be completed with private ones.
2 As a consequence of “everybody being insured” and a general mentality of being collectively responsible of being honest with the insurances, the companies of this sector are fully beneficiary and provide customers several bonuses, which are almost an exclusive Swiss privilege. E.g. we can quote the full refund of broken glass in a ca (no matter the cause: urban violence or simple driving incident), without any “bonus reduction” on the next yearly fee.
Another example is the optional hand-luggage full insurance valid everywhere (bus, train, plane) for less than 50 CHF per year – we were stolen once, and the insurance refunded us in a week not only the full price of the of the photo machine which was inside, but also of the cabin trolley!
3 Being proposed for a very reasonable price as a “plus” to an already contracted – and compulsory by law – healthcare, car or home insurance, the cyber-insurance is ready at a click, benefitting in marketing terms of an already “captive customer” (bonuses) having a long-term relationship with the company.
4 With a knowledge and free choice of “which data to protect” the trust and collaboration between the customer and the insurance is total. Moreover, the insurance platform can use all its assets to scan the net in search of very precise items and reduce at a maximum the duplication of leaked/stolen data when they appear.
5 Without being naïve, several of the services offered are already packed in the compulsory insurances (illnesses, invalidity, death) or in the financial terms most Swiss Banks offer (full credit card data stealth coverage, very limited fee to pay if debit card stolen with PIN, a.s.o.)
Anyway, these new insurances will make some companies (like aggressive ecommerce ones) very careful with Swiss data of unknown provenience or bought on the grey market. The possibility for Swiss citizens to easily benefit from coverage of lawyer and court costs up to one million CHF will give to Swiss citizens the capacity to sue, if needed, a US company in a US court, an action which is financially impossible to any normal European citizen.
Laurent Chrzanovski
Laurent Chrzanovski (HDR Postdoc Phd MA BA) is a Professor at the Doctoral and Postdoctoral School of Social Sciences at the University of Sibiu (Romania). Thanks to his work experience in 12 European and South Mediterranean countries, he has since 2010, expanded his fields of research into cyber security, social, behavioral, cultural and geopolitical aspects. As such, he is a member of the ITU (UN-Geneva) cybersecurity expert group and a contract consultant for the same institution, as well as for several Swiss and French think-tanks (PPP). He founded in 2013 and continues to run, the “Cybersecurity in Romania”, a macro-regional public-private platform (www. cybersecurityromania.ro), supported by the ITU, all related public institutions in the host country, as well as many other specialist organizations from France, Switzerland, Italy and the United Kingdom. In the same spirit, he co-founded in 2015 and is editor-in-chief of one of the very few free quarterly cyber-prevention journals (a PPP) designed for the general public. Originally, intended for Romanian audiences, Cybersecurity Trends is today published – with the collaboration of prestigious specialist partners – in multiple languages adapted to French, Italian, English (as of June 2017) and German (as of September 2017) audiences (https://issuu.com/ cybersecuritytrends). It should be noted that the Congress and the magazine have been promoted and supported by the ITU since 2015 as the “Best Practice Example for the European Continent”. Laurent Chrzanovski is the author / editor of 23 books, of more than 100 scientific articles and as many other texts intended for the general public.
