Ten most effective cyber controls for SMEs - Zurich

Zurich Insurance Group and researchers at ETH Zurich university have identified 10 controls that can reduce the risk of becoming a victim of the most common cyber attacks by up to 70%.

Their joint study analysed how SMEs can identify areas that need attention and quickly implement solutions to keep digital intruders at bay. They identified five controls that together help mitigate 66% of the most common cyber risks and 10 controls that cover 70% of the risks.

Zurich cross-checked and validated the controls identified in the study against information gathered from its SME customer questionnaire and benchmarking data from global customer assessments and claims.

10 controls mitigating 70% of the most common SME cyber risks:

1. System monitoring
2. Configuration settings
3. Malicious code protection
4. Baseline configuration
5. Least functionality
6. Continuous monitoring
7. Least privilege
8. Access enforcement
9. Account management
10. Software, firmware and information integrity

When these technical controls are combined with cyber risk assessment and quantification services, SMEs are then able to quantify their cyber exposure, prioritise actions and determine the budget required.

Vivien Bilquez, principal cyber risk engineer at Zurich Resilience Solutions, said: “Prevention remains the most effective protection against cyber threats. Companies must constantly assess and monitor their cyber exposures and invest in building resilience. With this new approach, we can quantify cyber security risk in monetary terms, which enables management to make better informed decisions."

    Share Story:


Deborah Ritchie speaks to Chief Inspector Tracy Mortimer of the Specialist Operations Planning Unit in Greater Manchester Police's Civil Contingencies and Resilience Unit; Inspector Darren Spurgeon, AtHoc lead at Greater Manchester Police; and Chris Ullah, Solutions Expert at BlackBerry AtHoc, and himself a former Police Superintendent. For more information click here

Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023