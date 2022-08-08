Spiros Fatouros, CEO, Marsh Africa.

The toll of almost three years of unrelenting workplace disruption, digital transformation and ransomware attacks means just 4% of regional business leaders are confident in their organisation’s ability to manage cyber risks. This is according to a new report published by Marsh, the world’s leading insurance broker and risk advisor, and Microsoft Corporation, a leading platform and productivity company for the mobile-first, cloud-first world.

The report: The Middle East & Africa State of Cyber Resilience, questioned over 660 regional and global cyber risk decision-makers and analyses how cyber risk is viewed by various functions and executives in leading organisations, including cyber security and IT, risk management and insurance, finance and executive leadership.

According to the report, business leaders' confidence in their organisations' core cyber risk management capabilities – including the ability to understand/assess cyber threats, mitigate/prevent cyber attacks and manage/respond to cyber attacks – remains a major concern for the region’s business leaders – with over three quarters (76%) having no confidence in their own organisation’s cyber resilience.

“It’s not about if you will get attacked, it’s a matter of when it will happen, which makes it all the more surprising that organisations continue to take a siloed approach rather than looking at the risk from an enterprise-wide perspective,” said Spiros Fatouros, CEO, Marsh Africa.

Further, many organisations are still struggling to understand the risks posed by their vendors and digital supply chains as part of their cyber security strategies. Sixty percent of respondents stated they have not conducted a risk assessment of their vendors or supply chains.

Other findings included a third (37%) of organisations admitted to not having any kind of cyber insurance in place even though it is a key element in managing cyber risk. This is despite a rapid increase in the number of cyber attacks over the last few years and omnipresence of this risk – according to Microsoft, they receive 24 trillion security signals per day.

Indeed, more than half (54%) of the those organisations that had secured insurance acknowledged that doing so was accepted best practice within their business sector and had helped them adopt a more stringent and resilient approach to cyber risks. Three quarters (75%) recognised that insurance was an important part of any cyber risk management strategy.

Fatouros added: “Cyber risks are pervasive across most organisations. Successfully countering cyber threats needs to be an enterprise-wide goal, aimed at building cyber resilience across the firm, rather than singular investments in incident prevention or cyber defence. Greater cross-enterprise communication can help the region’s businesses bridge the gaps that currently exist, boost confidence and better inform overall strategic decision-making around cyber threats.”

