Morocco’s SMEs are by far the country’s largest employer, accounting for more than 95% of the private sector[1], yet when it comes to underinsurance and vulnerability, the headlines often focus on the big players, particularly with cyber risk. The recent widely reported attack on auto manufacturer, Jaguar Land Rover (JLR), for example, received international coverage, but the substantial risks that SMEs in North Africa – a sector on which so many economies depend – tend not to be seen as an existential threat. As Insurance Business notes, “many SMEs still consider themselves unlikely targets or view premiums as prohibitive. But the recent JLR and many other such incidents over recent months and years throws that complacency into sharp relief.”
The proportion of underinsured and uninsured risk in North Africa is significant. Even in Morocco, which has long been seen as an outlier in a relatively underinsured region with low penetration rates, the risk of underinsurance to SMEs remains an existential threat to their operational and financial security. At the same time, businesses are suffering because re-insurers are not always able to adequately assess risk to understand probable maximum loss in a relatively immature market and therefore cannot price risk affordably.
That needs to change, because some North African countries are experiencing rapid growth in the SME sector. According to figures published by the Moroccan Office of Industrial and Commercial Property (OMPIC), more than 60,000 new companies were established in the country in Q1 2024, up from the previous year, which saw just under 100,000 new companies.[2] In Morocco in particular, the risk of drought looms large, and earthquake, business interruption and cyber risk add to the widespread gaps in protection.
In response to cybercrime – possibly the hottest topic in Moroccan insurance at the moment – governments and businesses are beginning to act, as organised cyber criminals continue to see the SME sector as an easy target. In response to increasingly sophisticated attacks, the cyber insurance market is growing[3] as risk awareness across the region increases. That awareness is sharpened by high-profile attacks such as that suffered by Morocco’s Caisse Nationale de Sécurité Sociale (CNSS) – the government ministry covering employment and social security – in April this year.[4] For re-insurers, the need to fill protection gaps to guarantee operational and cyber resilience also represents an attractive commercial opportunity to offer support for SMEs in the region.
Are the costs of underinsurance fully understood?
In Morocco, better risk-management practices have emerged to address recent business interruption from natural disasters, cyber-attacks and climate variability. Morocco is already the second-largest agri-insurance market in Africa,[5] with parametric solutions emerging to mitigate the risk of drought and natural disasters. In 2023, parametric insurance helped many victims of the Marrakesh earthquake,[6] with the strength of the quake triggering automatic payouts without the need to claim.
Research from 2023 shows that around 50% of SMEs invested in business-interruption insurance as part of a shake-up of risk-management practices. That investment appears to have paid off – the same research reports that SMEs with targeted cover experienced a 20% drop in operational downtime. This should encourage further development of comprehensive, targeted cover that addresses the particular challenges Moroccan SMEs face.[7]
With cyber risk evolving rapidly, the cost of underinsurance is beginning to sink in. As Insurance Business points out, if a cyber-attack at a major auto manufacturer can cause such systemic economic shockwaves, “what would happen to your business without insurance?”[8] In many respects, it is a straightforward proposition for brokers to present to clients; the incident provides them with an opportunity to reframe the proposition for potential clients who might have been hesitant previously.
Why are SMEs more exposed to cyber risk?
Cybersecurity surveys show that, historically, SMEs have vastly underestimated the risk from cyber-attack. That is not limited to North Africa; in the UK, for example, where around 50% of successful attacks in 2024 targeted small businesses,[9] many SMEs still think they are “too small to present a target”, according to the Association of British Insurers.[10]
The resulting underinsurance, or worse still, a complete lack of cover, greatly enhances the so-called attack surface, as many SMEs do not perceive a cyberattack as a significant threat. As was widely reported, the automaker allegedly lacked any tailored cover at the time of the recent attack, because the company had, at the time, failed to finalise a cyber placement prior to the event.[11] The ongoing cost to this one manufacturer alone is estimated to be at least £50 million per week;[12] but can smaller businesses swallow the costs of a total shutdown without adequate cover?
In North Africa, business interruption cover is often ineffective due to inadequate policy limits, low awareness and protection gaps. This issue is compounded when standard policies fail to adequately address specific business risk profiles.[13]
The JENOA view: how can re-insurers help?
For SMEs facing natural disasters, drought or cyber risks, tailored insurance that recognises unique exposures is undoubtedly the best way to reduce financial damage, promoting quick recovery and business continuity.
Recent research highlights that SMEs that had taken out customised cover, as opposed to standard policies, suffered lower losses during business interruption from natural disasters. “Tailored policies were better equipped”, says the research, “to address specific risks unique to each business, thereby reducing the overall financial impact of such events”.[14]
In-depth research on SME insurance from the International Journal of Modern Risk Management confirms that tailored and specialised cyber cover offers SMEs better risk management and recovery. “Specifically, companies with tailored cyber policies,” say the authors, “had better access to incident response resources, legal support, and financial compensation for losses incurred due to cyber-attacks”.[15] They note that specialised cover addresses a company’s immediate losses and provides support for its long-term recovery after an attack.
What does this mean for MENA clients and how can JENOA help?
JENOA actively supports insurers and brokers in establishing comprehensive risk mitigation strategies that help build the effective and sustainable cover the sector needs to guarantee its continuity and resilience.
JENOA is currently leading the way in developing cyber solutions tailored for SMEs. Given the historically prohibitive premiums often cited,[16] these products will offer affordable and sustainable cyber, BI and DBI cover to better protect the sector’s vulnerabilities in what is undeniably an unpredictable threat landscape.
With cyber-attacks on major entities like those discussed above translating to the realization and exposure SMEs’ hidden vulnerabilities, the need for specialised insurance is urgent. Through its connection to Lloyd’s of London and international reinsurance hubs, JENOA provides the global expertise necessary for local insurers to develop and successfully market enhanced, specialised coverage for SMEs.
An existential threat?
SMEs that invest in tailored insurance solutions experience a 20% increase in operational resilience and recovery speed, provided they establish a comprehensive risk management strategy as a core feature of their business strategy. The high risk of drought in a country where agriculture accounts for around 15% of GDP[17] and employs 50% of working adults requires coverage gaps to be addressed more effectively.
When it comes to cyber cover in Morocco’s increasingly digital business landscape, the Jaguar Land Rover incident should act as a wake-up call for SMEs. After all, cyber attacks are no longer simply an IT issue – they are existential events for small businesses.
As Insurance Business makes clear, the stark choice for SMEs’ survival is this: treat this as a passing crisis, or as the catalyst that “finally makes cyber insurance a cornerstone of resilience”.[18]
Five Fast Facts
How do North Africa’s insurance penetration rates compare?
Morocco leads the way in North Africa, with a penetration rate of around 4% compared to an emerging-market average of 3.4%, and Algeria’s rate is below 1%.
Are SMEs in Morocco beginning to address gaps in coverage?
The Moroccan Association of Business Leaders reports that, in 2023, 50% of SMEs invested in business-interruption cover.
How can SMEs bounce back quicker from business interruption?
Tailored cover allows for quicker bounce back, with downtime reduced by 20% compared to standard policies, with a corresponding increase in operational resilience and recovery speed.
Are SMEs immune to cyberattacks?
In 2024, 50% of successful cyberattacks in the UK targeted SMEs.
Which African countries saw the most web-threat detections in 2024?
Morocco ranked third in Africa for web-threat detection, with nearly 13 million last year, compared to Kenya’s 20 million and South Africa’s 17 million.
[1] https://www.moroccoworldnews.com/2025/01/165781/tax-revenues-and-the-role-of-smes-in-moroccos-economic-transition/#:~:text=In%202023%2C%20Morocco’s%20entrepreneurial%20ecosystem,real%20estate%2C%20and%20professional%20services.
[2] https://www.moroccoworldnews.com/2025/01/165781/tax-revenues-and-the-role-of-smes-in-moroccos-economic-transition/#:~:text=In%202023%2C%20Morocco’s%20entrepreneurial%20ecosystem,real%20estate%2C%20and%20professional%20service
[3] https://www.mordorintelligence.com/industry-reports/morocco-cybersecurity-market#:~:text=Morocco%20Cybersecurity%20Market%20Analysis%20by,%2C%20and%20critical%2Dinfrastructure%20protection.
[4] https://www.euronews.com/2025/04/10/hackers-breach-moroccos-social-security-database-in-unprecedented-cyberattack
[5] https://faberconsulting.ch/files/faber/pdf-news/20230530_FABER_Release_EN.pdf
[6] https://www.axa.com/stories/story-when-parametric-insurance-became-a-lifeline-in-moroccos-2023-earthquake
[7] https://iprjb.org/journals/index.php/IJMRM/article/view/2948/3462
[8] https://www.insurancebusinessmag.com/asia/news/cyber/jlr-hack-raises-prospect-of-covidstyle-bailout–and-questions-for-cyber-cover-549632.aspx
[9] https://www.abi.org.uk/globalassets/files/publications/public/cyber/abicyberresilienceforsmestheinsurancegapexploredjan2025.pdf
[10] https://www.abi.org.uk/globalassets/files/publications/public/cyber/abicyberresilienceforsmestheinsurancegapexploredjan2025.pdf
[11] https://www.theinsurer.com/cyber-risk/news/exclusive-jaguar-land-rover-failed-to-secure-cyber-insurance-deal-ahead-of-2025-09-23/
[12] https://www.techradar.com/pro/security/jaguar-land-rover-facing-costs-of-millions-per-week-following-cyberattack-due-to-a-lack-of-insurance-cover
[13] https://iprjb.org/journals/index.php/IJMRM/article/view/2948/3462
[14] https://iprjb.org/journals/index.php/IJMRM/article/view/2948/3462
[15] https://iprjb.org/journals/index.php/IJMRM/article/view/2948/3462
[16] https://iprjb.org/journals/index.php/IJMRM/article/view/2948/3462
[17] https://www.commercialriskonline.com/morocco-top-of-the-rankings/
[18] https://www.insurancebusinessmag.com/asia/news/cyber/jlr-hack-raises-prospect-of-covidstyle-bailout–and-questions-for-cyber-cover-549632.asp
