Two employees in the server room

IT contingency plan for SMEs

Nowadays, no company can afford a prolonged IT system failure. In the best case, the failure "only" costs money; in the worst case, it costs the company its existence. Every company therefore needs an IT contingency plan to be better prepared for cyberattacks and system failures. Small and medium-sized enterprises are particularly at risk.
The digital transformation is increasing the dependency of many companies on business-critical programs and is also raising the risk of cyberattacks. SMEs, which have fewer resources than large companies and are therefore less well prepared, are particularly at risk. A third of all Swiss SMEs have already been attacked by cybercriminals at least once.

Prevention is better than cure

A cyberattack or a system failure due to operating, hardware or software errors can paralyze IT – and therefore operations – for days or weeks. This costs a lot of money and harms customer trust and reputation. That's why every company, regardless of its size, needs a plan for recovering business-critical data and IT systems in the event of an emergency. Many SMEs are technically prepared: They protect their IT systems with virus protection programs, update their software regularly and have installed firewalls. However, too few have an IT contingency plan or an IT disaster plan for how to react to an attack or failure.

What forms part of an IT contingency plan?

The contingency plan ensures that a company can respond appropriately, quickly and effectively to IT emergencies. An IT contingency plan for SMEs should contain at least the following documents:

  • All contact details of the company management and central IT staff
  • All contact details for external IT service providers and cyber insurance
  • Documentation of all relevant IT systems, networks and applications – including dependencies and possible effects on business-critical processes
  • Templates for communication with key customers, suppliers and partners, as well as with stakeholders such as the National Cyber Security Center NCSC
  • Checklists with tasks and responsibilities for the most likely IT emergency scenarios such as data breaches, ransomware attacks or system failures
  • List of all documents that may be helpful in an emergency, for example inventory, customer and personnel lists, system and application documentation, or recovery plans.

The IT contingency plan must be physically stored in a secure location and updated at least once a year. All key employees and management must know where to find the plan and be able to access it at any time.

Checklists for IT disaster scenarios

No two crises are the same. Every SME should therefore integrate various checklists with measures for the most likely IT disaster scenarios into its contingency plan. In addition to measures, the checklists also define escalation levels, reporting channels and responsibilities.

Measures in the event of a ransomware attack

  1. Disconnect the backup system from the network immediately
  2. Switch off the router and disconnect all connections to the Internet
  3. Disconnect the server from the network, but do not switch it off (preservation of evidence)
  4. Do not pay a ransom – or only in consultation with an experienced service provider specializing in IT emergencies
  5. Do not communicate via the internal email system
  6. Do not use possibly infected systems and applications
  7. No hasty technical system analysis or recovery

Measures in the event of a data breach

  1. Determine the extent of the stolen or compromised data and document it for the investigation.
  2. Report the incident immediately to the cantonal police and, in the case of cyberattacks, also to the National Cyber Security Center NCSC. In addition, the Federal Data Protection and Information Commissioner (FDPIC) must be informed in accordance with the Data Protection Act if the risk for the parties concerned is high. 
  3. Consult a lawyer who will assess whether the incident is reportable, communicate with the FDPIC and support the company in dealing with the consequences of the incident.
  4. Inform all affected (natural and legal) entities.
  5. Improve technical and organizational measures to improve system security and data protection and prevent such incidents in the future.

Important: SMEs that have taken out cyber insurance should first clarify the coverage of costs with their insurance company before consulting a lawyer.

Measures in the event of an IT system failure

  1. Disconnect the backup system from the network immediately
  2. Inform all users
  3. Localize affected systems and applications
  4. Check system for hardware and software defects and communication problems
  5. Clarify dependencies and impact
  6. Check documentation and recovery plan
  7. Contact an external IT service provider

Trust is good; training and testing is better

You can say what you like on paper. It is therefore not enough to create an IT contingency plan, print it out and file it away. These measures prevent small and medium-sized enterprises from only finding out how good their contingency plan really is in the event of an emergency:

  • Update the IT contingency plan on an ongoing basis and test it regularly, for example through simulated disaster scenarios or exercises
  • Continuously adapt the IT contingency plan to current threats, but also to new legal requirements, new IT infrastructures and new technologies
  • Make all employees aware of the topics of IT security and data privacy, inform them about the contingency plan and conduct training courses or workshops

Because when it happens, it's urgent

Companies that have cyber insurance with Zurich can call our 24/7 cyber hotline around the clock. You will find the telephone number on the insurance policy. During office hours, specialized Zurich employees take care of the case; at night and on weekends, the IT security experts from our partner network lend a hand.

From the IT contingency plan to the recovery plan

With the measures in the checklists, the IT contingency plan helps companies to handle the first few important hours after a disaster. The company then needs a recovery plan to get the IT infrastructure up and running again as quickly as possible and to restore all important data. How to do it, we explain in the article: A Business Continuity Plan as Plan B in an Emergency.

More articles

How SMEs protect against hacker attacks

A hacker attack threatens a company's existence

Every week, the National Cyber Security Center (BACS) receives hundreds of reports of cyber incidents: at peak times over 2,000 per week. SMEs are at particular risk. What dangers lurk for small and medium-sized enterprises?
Man looking something in a tablet

Plan B: Business continuity plan for SMEs

When IT stands still, most companies stand still. This is why SMEs – which are increasingly falling victim to cyber attacks – need a continuity plan as a plan B.
Woman sitting at a computer in a warehouse

Authentication: Protect your network and your data

With strong authentication such as 2FA or MFA, SMEs protect their company network and data with a password and at least one other factor.
Men having a cheerful discussion

The story of our cyber insurance customer Planted

The start-up Planted is causing a stir with its innovative plant-based foods.
Two female scientists at the computer

Improving patient safety with AI

For hospital treatments: any damage or loss event that can be avoided is invaluable. Consequently, Zurich is working towards improving patient safety in close cooperation with hospital clients and with the help of artificial intelligence.
Young man

Kaisin: New entrepreneurs with a recipe for success

Success with delicious poké bowls – co-founder Delano Fischer chats about his innovative Zurich start-up.
Woman using an analysis device

Hackers set their sights on hospitals.

Hospitals bear great responsibility for their patients. This makes hacker attacks all the more dangerous for them.