Historically, there was very little public discussion about data breaches, business interruption, or ransomware incidents in the Middle East or the UAE. structured risk analysis in the UAE is relatively limited compared to more mature markets. What do you see as the main barriers to this adoption, and what specific strategies is Marsh using to overcome them, particularly for clients in the growing data centre market?

That’ s an area we’ ve focused on heavily over the past five or six years. We’ ve found that a lack of awareness has been a significant issue, as many clients simply haven’ t known that sophisticated cyberinsurance products are available to them.

To address this, we’ ve dedicated a lot of time to educating our clients. We work to dispel the negative perceptions often associated with insurance, like complicated fine print. Our own policy wordings, particularly for cyberinsurance, are intentionally clear and use plain language. The exclusions are designed to define the boundaries of the coverage rather than to restrict it.

Historically, there was very little public discussion about data breaches, business interruption, or ransomware incidents in the Middle East or the UAE. This meant that companies weren’ t aware that their local peers could be experiencing these issues. This is now beginning to change, with some public notices and official data breach notifications being issued. This trend is increasing both awareness and the level of sophistication in the market.

However, when we look at the numbers, the uptake is still quite low. For our high-revenue clients( over a billion dollars), the percentage of those purchasing cyberinsurance is still in the single digits. This is a stark contrast to other parts of the world, where that figure is typically over 50 %. This gap highlights that while awareness is growing, there’ s still a long way to go.

Do you think this increasing transparency and new legislation will eventually lead to the UAE catching up with more mature markets in cyberinsurance adoption?

While a significant gap remains, the trend is certainly changing. I don’ t believe the lower level of transparency is deliberate; rather, there just haven’ t been the established public forums for these discussions in the past.

That’ s now shifting. We’ ve recently seen a few data breaches where companies have issued public notifications, and many are now aligning their processes with the incoming data protection legislation. This new legislation, which is similar to standards already in place in the UK and Europe, is driving a more open and accountable approach.

16 WWW. INTELLIGENTCISO. COM