Trend Micro, a global cyber security firm, has released a new report that shows Kenya’s losses to cyber criminals reached Kshs 3.6 billion ($36 million) in 2022, compared to Nigeria and South Africa where they are nearly tenfold at Kshs 50 billion ($500 million) and Kshs 57 billion ($570 million) respectively.
The report, titled Risky Rewards, is the result of a survey where Trend Micro commissioned Sapio Research to poll 2718 business decision-makers in companies with over 250 employees across 26 countries and finds that all the affected organizations have maintained inadequate cyber security measures, leaving them highly exposed.
Zaheer Ebrahim, the Middle East and Africa Solutions Architect at Trend Micro, said in a statement that 90% of African companies have neglected to put cybersecurity protocols in place even as they plan to increase their cybersecurity budgets for 2023.
“Organisations would do well to reconsider the importance of cybersecurity, especially if they want to optimise their investments in this area. Cybersecurity isn’t just about keeping data and other related resources safe. It has a clear impact on winning new business and recruiting top talent. With this in mind, it is vital that we change perceptions around cybersecurity, especially amongst corporate leaders,” said Ebrahim.
Trend Micro’s report shows that the cyber security losses affect various areas, including ability to win new business, hire new talent and contract better suppliers. A fifth (19%) of the global Business Decision Makers (BDMs) surveyed in the company’s research admitted that a lack of security measures of impacted their ability to win new business, while 81% worry that it will do so in future. This comes as nearly three-quarters (71%) of BDMs admit they’re being asked about security posture in negotiations with prospects and suppliers. And 78% say these requests for information are increasing in frequency.
This apparent contradiction in attitudes is laid bare by another finding. Despite prospects and suppliers clearly prioritizing security in negotiations, only 57% of BDMs perceive there to be a strong or very strong connection between cyber and client acquisition/satisfaction.
Talent acquisition is another area where there are clear gaps in BDMs’ understanding of the interconnectivity between cybersecurity and the rest of the business.
Nearly three-quarters (71%) of respondents claim that the ability to work from anywhere has become vital in the battle for talent. Yet only around two-fifths understand the strong connection between cybersecurity and employee retention (42%) and talent attraction (43%).
On employee experience, 83% of the respondents surveyed said current security policies have affected remote employees’ ability to do their jobs, including network and information access issues, and slowing the pace of work, while 43% say current security policies place restrictions on employees’ ability to work from anywhere. In addition, 54% say current policies restrict what devices/platforms employees can choose to use.
These findings point to BDMs’ lack of understanding of the relationship between cybersecurity and other parts of the organisation. This is borne out by further statistics: half of respondents (51%) claim cybersecurity is a necessary cost but not a revenue contributor, while a similar share (48%) argue that its value is limited to attack/threat prevention. Nearly a fifth (38%) even see security as a barrier rather than a business enabler.
In spite of misperceptions around the impact of cybersecurity on the business in its entirety, nearly two-thirds (64%) of BDMs say they plan to increase security investment in 2023; a sign that industry sentiment may be changing.