Balgrist University Hospital – Cyber Security Assessment

Cyber ​​Security Assessment as the basis for cyber insurance

As a university clinic with private sponsorship Balgrist is committed to the highest quality and performance standards. The commitment to quality is reflected, among other things, in the fact that the clinic ensures both the highest possible information security and protects their patient data.

Looking for ways to optimally protect certain cyber risks, Balgrist turned to Kessler, a partner company of AdNovum, in 2018. As part of the risk dialogue, Kessler recommended a Cyber Security Assessment from AdNovum to provide a better overview of the insurable cyber risks and thus the optimal conditions for tailor-made cyber insurance.


AdNovum’s Cyber Security Assessment identifies the biggest risks and reviews the existing security arrangements of an organization. It identified risks that Balgrist could cover with insurance and showed where the hospital could become active itself. The Cyber Security Assessment consists of three main activities: identifying risks, assessing risks and managing risks.


Details of the mandate:

  • Gap analysis to determine the information security risks within the organization
  • Risk assessment based on experience and the information provided by Balgrist University Hospital
  • Definition of a list of priority measures to minimize the risks identified
  • Possible future implementation of priority measures based on risk assessment
  • Possible reassessment of the risks on an annual basis


Added value for Balgrist:

  • Balgrist knows risks and possible measures to reduce them.
  • Balgrist can show the authorities, as well as their patients and staff, that they are doing everything possible to protect personal data.
  • Balgrist's governance in regard to information security is state of the art.
  • Balgrist enjoys double protection: the current IT environment protects them from cyber-attacks and the insurance from financial consequences, should an incident ever arise.