The toll of almost three years of unrelenting workplace disruption, digital transformation and ransomware attacks means just 4% of regional business leaders are confident in their organisation’s ability to manage cyber risks.

This is according to a new report published by Marsh, the world’s leading insurance broker and risk advisor, and Microsoft Corp., a leading platform and productivity company for the mobile-first, cloud-first world.

The report, The Middle East & Africa State of Cyber Resilience, questioned over 660 regional and global cyber risk decision makers and analyses how cyber risk is viewed by various functions and executives in leading organisations, including cybersecurity and IT, risk management and insurance, finance, and executive leadership.

According to the report, business leaders’ confidence in their organisation’s core cyber risk management capabilities – including the ability to understand/assess cyber threats, mitigate/prevent cyber-attacks, and manage/respond to cyber-attacks – remains a major concern, with over three quarters (76%) having no confidence in their own organisation’s cyber resilience.

“It’s not about if you will get attacked, it’s a matter of when it will happen, which makes it all the more surprising that organizations continue to take a siloed approach rather than looking at the risk from an enterprise-wide perspective,” says Spiros Fatouros, CEO of Marsh Africa.

In addition, many organisations are still struggling to understand the risks posed by their vendors and digital supply chains as part of their cybersecurity strategies. 60% of respondents stated that they have not conducted a risk assessment of their vendors or supply chains.

Other findings include the fact that one-third (37%) of organisations admitted to not having any kind of cyber insurance in place, even though it is a key element in managing cyber risk. This is despite a rapid increase in the number of cyber-attacks over the last few years and the omnipresence of this risk: according to Microsoft, it receives 24 trillion security signals per day.

Indeed, more than half (54%) of those organisations that had secured insurance acknowledged that doing so was accepted best practice within their business sector and had helped them adopt a more stringent and resilient approach to cyber risks. Three quarters (75%) recognised that insurance was an important part of any cyber risk management strategy.

Fatouros adds: “Cyber risks are pervasive across most organizations. Successfully countering cyber threats needs to be an enterprise-wide goal, aimed at building cyber resilience across the firm, rather than singular investments in incident prevention or cyber defense. Greater cross-enterprise communication can help the region’s businesses bridge the gaps that currently exist, boost confidence, and better inform overall strategic decision making around cyber threats.”