Cyber attack is still a threat Middle East and African business leaders are unaware of
As most organizations are still trying to figure out how to handle the risks brought by their vendors and digital supply chains, it turns out that only 4% of Middle East & Africa business leaders feel assured in their organization’s ability to successfully deal with a cyber-attack. This is in contrast to the fact that cyber threats continue to grow. Business leaders must take immediate action to adjust their cybersecurity strategies.
Marsh and Microsoft have shown the scale of risk related to corporate unpreparedness in their new survey. Analysing various functions and executives in leading organizations’ perceptions on cyber risk, the findings that include responses from 660 regional and global cyber risk decision-makers turn out to be troublesome.
Most worrying is that executives are still unsure about their core cyber risk management capabilities, and even have no clear idea of how to respond to cyber attacks. This claim is supported by 60% of respondents who have not even conducted risk assessments of their vendors or supply chains.
It is indeed problematic to see how cyber-attacks in the Middle East and North Africa (MENA) region keep growing in complexity and scale compared to how the confidence in cyber risk-management remains at relatively low levels. Besides, although three-quarters (75%) of the surveyed organisations recognized the importance of cyber insurance, a third (37%) of organizations admitted to not having any kind of cyber insurance, while more than half (54%) of those organizations who had procured the insurance admitted that it was the best practice in their cyber risk management strategy.
To be able to successfully counter cyber threats is not a one man job. All stakeholders including risk managers, finance, cybersecurity/IT, and executive leadership, have to align their risk management strategies and responsibilities, while ensuring employee awareness.
On the other hand, investing and engaging in a fully integrated cyber risk mitigation and cyber resilience reinforcement are crucial parts of practical risk prevention and mitigation measures. The resources and activities may vary from cybersecurity technology and talent acquisition, vendor/supply chain risk assessments, to cyber insurance and cyber risk advisory services.
Another thing to keep in mind is to do cybersecurity awareness training/phishing testing for employees. It may seem trivial, but remote employees can be a soft target for cyberattacks. This is where the role of HR is needed, in an effort to foster a culture of cyber responsibility.
As a proactive and defensive security strategy, cybersecurity effectiveness assessments must be conducted immediately. Cyber attack is always a matter of time, not merely about being attacked or not. Regardless of the industry and what business we are in, don’t wait until it is too late to protect ourselves and everything related to our business.