Category Risk Management

Marsh and Microsoft report highlights just 4% of the Middle East & Africa region’s business leaders are confident in their organization’s ability to successfully deal with a cyber-attack

05 August 2022 Marsh Africa
Spiros Fatouros, CEO at Marsh Africa

Spiros Fatouros, CEO at Marsh Africa

The toll of almost three years of unrelenting workplace disruption, digital transformation and ransomware attacks means just 4% of regional business leaders are confident in their organization’s ability to manage cyber risks.

This is according to a new report published by Marsh, the world’s leading insurance broker and risk advisor, and Microsoft Corp., a leading platform and productivity company for the mobile-first, cloud-first world.

The report, The Middle East & Africa State of Cyber Resilience, questioned over 660 regional and global cyber risk decision makers and analyses how cyber risk is viewed by various functions and executives in leading organizations, including cybersecurity and IT, risk management and insurance, finance, and executive leadership.

According to the report, business leader’s confidence in their organization’s core cyber risk management capabilities – including the ability to understand/assess cyber threats, mitigate/prevent cyber-attacks, and manage/respond to cyber-attacks – remains a major concern for the region’s business leaders – with over three quarters (76%) having no confidence in their own organization’s cyber resilience.

“It’s not about if you will get attacked, it’s a matter of when it will happen, which makes it all the more surprising that organizations continue to take a siloed approach rather than looking at the risk from an enterprise-wide perspective.” said Spiros Fatouros, CEO, Marsh Africa.

Further, many organizations are still struggling to understand the risks posed by their vendors and digital supply chains as part of their cybersecurity strategies. 60% of respondents stated that they have not conducted a risk assessment of their vendors or supply chains.

Other findings included, a third (37%) of organizations admitted to not having any kind of cyber insurance in place even though it is a key element in managing cyber risk. This is despite a rapid increase in the number of cyber-attacks over the last few years and omnipresence of this risk - according to Microsoft they receive 24 trillion security signals per day.

Indeed, more than half (54%) of the those organizations who had secured insurance acknowledged that doing so was accepted best practice within their business sector and had helped them adopt a more stringent and resilient approach to cyber risks. Three quarters (75%) recognised that insurance was an important part of any cyber risk management strategy.

Fatouros added: “Cyber risks are pervasive across most organizations. Successfully countering cyber threats needs to be an enterprise-wide goal, aimed at building cyber resilience across the firm, rather than singular investments in incident prevention or cyber defense. Greater cross-enterprise communication can help the region’s businesses bridge the gaps that currently exist, boost confidence, and better inform overall strategic decision making around cyber threats.”

Quick Polls


Have you seen insurers implementing rate adjustments / risk management around climate change?


fanews magazine
FAnews June 2024 Get the latest issue of FAnews

This month's headlines

Understanding prescription in claims for professional negligence
Climate change… the single biggest risk facing insurers
Insuring the unpredictable: 2024 global election risks
Financial advice crucial as clients’ Life policy premiums rise sharply
Guiding clients through the Two-Pot Retirement System
There is diversification, and true diversification – choose wisely
Decoding the shift in investment patterns
Subscribe now