Skip to main content

Blog

Cyber Attacks in MENA – Resilience and Risk Transfer

With 66% of companies in MEA reporting to have been the victim of a cyber incident, according to a recent report by Marsh and Microsoft, for businesses across the region it is a question of when will it happen to them.

IT engineer testing new supercomputer while using digital tablet app, focus on open supercomputer cabinet with wires and cables

With 66% of companies in MEA reporting to have been the victim of a cyber incident, according to a recent report by Marsh and Microsoft, for businesses across the region it is a question of when will it happen to them.

A recent high profile cybersecurity incident transpired on July 16, where a well-known large supermarket chain in the UAE suffered a cyber-attack, which reportedly exposed customer data on their online shopping channel. Unfortunately, this particular incident is just one of many that have taken place within the recent months as cyber-attacks increase in frequency, severity and sophistication across the region. These incidents not only have the potential to shut down day-to-day operations but can also expose businesses to the legal, reputational and financial consequences of data leaks.

In order to prepare for the unavoidable - cyber incident management preparation is of the utmost importance for businesses across the region. Preparation helps ensure that an organization’s cyber incident response is efficient and effective. Being able to quickly respond and mobilize stakeholders helps to limit the impact of an incident and build resilience. It is vital that organizations seek support and professional guidance to help align their team’s incident management approach and necessary resources before, during, and/or after an incident.

Whilst incident response is key, it can be costly, this is why 63% of the respondents of the MEA Marsh Microsoft survey have chosen to transfer their risk to the insurance market, 75% of respondents said it is worth paying for cyber insurance to safeguard against the risks and potential costs of a cyberattack.

In this scenario, cyber insurance would have indemnified an insured for costs and expenses including:

  • IT Investigation costs to understand the nature of an event, what data has been compromised and if data is still being exfiltrated (including third party cyber incident response vendors and specialists)
  • Repair and recovery costs of the affected systems to restore any damaged or corrupted data or programs
  • Legal costs (guidance on notification to appropriate authorities & customer notification where required or recommended)
  • Public relations’ costs and notification costs: notifying all customers, communication to the media and managing the reputational impact of an event
  • Identify theft management of affected customers. Ensuring appropriate action if this data was to be found on the dark web.
  • Business interruption: if systems were taken off line and a business was unable to trade, cyber insurance would indemnify for the loss of profit during the outage whether this was as a direct result of an incident or voluntary to stem the flow of data or prevent the attached worsening.

More and more high profile cyber-attacks are happening and being reported in the region. Organisations in MENA should take the appropriate action and proactively build their cyber resilience program including risk transfer. You can speak to a cyber expert by contacting us here

Related insights