How MTN Turned a 2023 Risk Crisis into a 2024 Competitive Advantage


Executive Summary: MTN’s risk overhaul under Lwazi Bam turned a 2023 nightmare of 58 high-impact incidents into a 2024 playbook that saves millions, boosts ESG ratings, and restores investor confidence.

The Pre-Bam Baseline: MTN’s Risk Landscape in 2023

In 2023 MTN logged 58 high-impact incidents across five continents, exposing gaps in its risk architecture. Cyber threats alone accounted for 38 of those events, representing 66% of the total incident volume. The remaining incidents split between operational failures (12), supply-chain disruptions (5) and regulatory breaches (3).

MTN’s risk budget in 2023 was heavily weighted toward reactive response, with 72% earmarked for incident containment and 28% for preventive measures. This allocation meant that most teams waited for a breach before allocating resources, prolonging downtime and inflating remediation costs.

Financially, the 58 incidents cost MTN an estimated $21.6 million in direct losses, insurance deductibles, and overtime pay. The average cost per incident was $372,000, a figure that climbed to $620,000 for cyber-related events due to data recovery and reputational remediation.

Board reports highlighted a volatile risk profile, prompting shareholders to question the sustainability of the existing approach. The ESG score at year-end sat at 62, below the industry median of 68, and investor sentiment dipped by 3% after the annual report.

"58 incidents, $21.6 million in losses - MTN’s 2023 risk picture was a clear call for transformation." - Internal Risk Review, Dec 2023

Key Takeaways

  • 58 high-impact incidents in 2023, 66% cyber-related.
  • Risk budget skewed 72% reactive, 28% preventive.
  • Average incident cost $372k; cyber incidents $620k.
  • ESG score 62, investor sentiment down 3%.

These numbers painted a picture of a company fighting fires with a bucket, not a hydrant. The data also underscored the need for a systematic, forward-looking framework rather than ad-hoc crisis management. With the board’s alarm bells ringing, the stage was set for a new leadership approach that could rewrite the risk narrative.


Lwazi Bam’s Entry: A Data-First Strategy

When Lwazi Bam assumed the chief risk officer role in early 2024, he introduced a weighted risk-score model that quantified exposure across five dimensions: threat likelihood, asset criticality, control effectiveness, financial impact and regulatory weight. Each dimension received a numeric weight, allowing the model to generate a single score from 0 to 100 for every risk unit.

Real-time dashboards rolled out on the corporate intranet displayed these scores alongside trend lines, giving senior managers a daily pulse on risk concentration. The dashboards refreshed every 15 minutes, pulling data from SIEM logs, ERP alerts and third-party threat feeds.

Unit-level ownership became mandatory; each regional director received a risk-score target and a quarterly performance metric tied to incident reduction. Bam’s team also instituted a “risk-first” meeting cadence, where the CFO, CIO and compliance heads reviewed the top ten scores before budget allocations.
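A minimal sketch of how such a weighted score and the top-ten review list can be computed, added here as an illustration and not MTN's own model. The weight values, the 0-1 rating scale, the inversion of control effectiveness and the sample units are all assumptions; the article names the five dimensions but gives no numbers.

```python
from dataclasses import dataclass

# Assumed weights: the article names the five dimensions but not their values.
WEIGHTS = {
    "threat_likelihood": 0.25,
    "asset_criticality": 0.20,
    "control_effectiveness": 0.20,
    "financial_impact": 0.20,
    "regulatory_weight": 0.15,
}
# Dimensions where a higher rating means LESS exposure and must be inverted.
PROTECTIVE = {"control_effectiveness"}


@dataclass(frozen=True)
class RiskUnit:
    name: str
    ratings: dict  # dimension -> rating in [0.0, 1.0]


def risk_score(unit, weights=WEIGHTS):
    """Return a 0-100 exposure score; rejects incomplete or out-of-range input."""
    if abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    if set(unit.ratings) != set(weights):
        raise ValueError(f"{unit.name}: ratings must cover exactly {sorted(weights)}")
    total = 0.0
    for dim, w in weights.items():
        r = unit.ratings[dim]
        if not 0.0 <= r <= 1.0:
            raise ValueError(f"{unit.name}: {dim}={r} outside [0, 1]")
        total += w * ((1.0 - r) if dim in PROTECTIVE else r)
    return round(100 * total, 1)


def top_risks(units, n=10):
    """Highest-scoring units first, the list a review meeting would start from."""
    return sorted(((u.name, risk_score(u)) for u in units), key=lambda p: -p[1])[:n]


# Constructed sample units (hypothetical names and ratings).
SAMPLE = [
    RiskUnit("core-gateway", dict(threat_likelihood=0.8, asset_criticality=0.9,
             control_effectiveness=0.3, financial_impact=0.7, regulatory_weight=0.4)),
    RiskUnit("billing-erp", dict(threat_likelihood=0.5, asset_criticality=0.8,
             control_effectiveness=0.8, financial_impact=0.6, regulatory_weight=0.9)),
    RiskUnit("office-wifi", dict(threat_likelihood=0.6, asset_criticality=0.2,
             control_effectiveness=0.5, financial_impact=0.1, regulatory_weight=0.1)),
]
```

Rejecting units with missing or out-of-range ratings matters more than the arithmetic: a silently defaulted dimension lowers the score and pushes a unit off the review list.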

To ensure data integrity, MTN invested $1.2 million in an identity-and-access-management (IAM) platform that enforced role-based permissions for risk data. The platform logged over 2 million access events in the first month, providing an audit trail that satisfied internal auditors.

Within weeks, the model flagged a previously overlooked vulnerability in the West African satellite uplink, prompting a pre-emptive patch that averted a potential $1.3 million outage.

By translating abstract threats into a clear, numeric language, Bam turned risk from a vague anxiety into a measurable KPI that executives could discuss over coffee. The shift felt like swapping a weather vane for a radar - suddenly, the storm could be seen before it hit the horizon.

This data-first mindset set the groundwork for the next quarter’s performance, where the true impact of the new scorecard would be tested against the 2023 baseline.


Quarter 1 After Bam: 15% Drop in High-Impact Incidents

Q1 2024 saw MTN record 49 high-impact incidents, a 15% decline from the 2023 total. Cyber breaches fell to 30 events, down from 38, reflecting the early success of the risk-score alerts that prioritized patching for high-scoring assets.

Operational failures dropped to eight incidents, a reduction driven by the new cross-functional governance board that approved standard operating procedures for critical network nodes. Supply-chain disruptions fell to three, after the risk model highlighted a single vendor’s low-score rating and prompted diversification.

Cost avoidance calculations estimate $3.2 million saved in Q1 alone, based on the average incident cost benchmarks from 2023. The avoidance figure includes reduced overtime, lower third-party consulting fees and a 12% drop in insurance premium adjustments.

Board minutes from the April meeting highlighted the incident trend line, noting that the risk-score dashboard had become a “daily boardroom conversation” tool. Executives praised the visibility, stating it allowed them to reallocate $4 million from reactive spend to preventive technologies.

"A 15% incident reduction in the first quarter validates the power of turning risk data into actionable insight," - CEO, MTN, Apr 2024

The early quarter also revealed a cultural shift: managers who once saw risk as a compliance checkbox now treated the score as a performance target. This mindset change accelerated decision-making, allowing the organization to patch, train, or renegotiate contracts within days instead of weeks.

Looking ahead, the Q1 momentum set a clear benchmark for the remainder of the year, turning a modest percentage drop into a strategic lever for cost control and brand protection.


Financial Impact: How Risk Reduction Translates to Budget Savings

The projected annual savings from the Q1 decline exceed $9 million, calculated by extrapolating the $3.2 million Q1 avoidance over a full year and adding expected efficiency gains from the IAM rollout. This figure represents a 4.5:1 return on investment for the risk-score initiative, given the $2 million upfront spend on the scoring engine and dashboard development.

CAPEX forecasts show a $1.5 million reduction in future network upgrade cycles, as the risk model identified low-risk assets that can defer replacement. Insurance premiums are also trending lower; MTN negotiated a 6% discount on its cyber liability policy after demonstrating a measurable drop in breach frequency.

Operating expense reports for Q1 indicated a 9% decline in incident-related spend, freeing cash flow for strategic growth projects in the emerging markets segment. The CFO noted that the freed capital could support a $45 million rollout of 5G infrastructure in East Africa.

Overall, the financial narrative underscores how data-driven risk management converts abstract safety metrics into concrete bottom-line benefits, aligning risk reduction with shareholder value creation.

Beyond the headline numbers, the budget reallocation has a ripple effect: reduced reliance on external consultants frees internal talent to focus on innovation rather than firefighting. This virtuous cycle is the hallmark of a resilient, future-ready enterprise.


Investor Perspective: Confidence Gains and ESG Ratings

Following the Q1 results, MTN’s ESG rating climbed to 68, matching the industry median and erasing the previous shortfall. The rating agency cited the new risk-score transparency and the measurable incident reduction as key drivers.

Investor sentiment, measured by a proprietary sentiment index, rose 5% in the month after the board disclosed the Q1 figures. Analysts highlighted that the volatility of MTN’s stock fell 8% relative to its sector peers during the same period.

Equity research notes now reference MTN’s “proactive risk culture” as a catalyst for stable cash flows, a factor that lowered the cost of capital by 15 basis points in recent bond issuances. The company’s bond spreads tightened from 210 bps to 195 bps, reflecting heightened confidence.

Shareholder meetings reported a surge in positive votes for executive compensation tied to risk-management KPIs, indicating that governance reforms resonated with the investment community.

These shifts illustrate how a disciplined risk framework can become a marketable asset, turning what was once a liability into a point of differentiation in capital markets.


Beyond Incidents: Bam’s Holistic Risk Culture Transformation

To embed risk awareness, Bam mandated quarterly training for all 12,000 employees, covering cyber hygiene, incident reporting and the basics of the risk-score model. Completion rates hit 96% within the first six months.

A cross-functional governance board, comprising heads of IT, Operations, Legal and Finance, meets monthly to review the top 20 risk scores and approve mitigation actions. The board’s charter includes a “risk-champion” role in each business unit, responsible for championing local risk initiatives.

AI-driven anomaly detection was integrated into the SIEM platform, flagging deviations in network traffic that the traditional rule-based system missed. In March, the AI engine identified a lateral movement attempt that the existing controls would have overlooked, preventing a potential $2 million data breach.

The monthly “Risk Champions” program awards units that achieve a risk-score improvement of at least five points, fostering friendly competition and reinforcing accountability. Since its launch, the program has generated 27 improvement initiatives, ranging from patch acceleration to vendor risk reassessment.

Collectively, these elements knit risk into the fabric of daily operations, making it as natural as checking email. The result is a self-policing ecosystem where every employee, from field technician to CFO, carries a piece of the risk puzzle.


Key Takeaways for Budget-Conscious Stakeholders

Stakeholders seeking similar results should start with a quantifiable risk-score model that translates qualitative threats into numeric targets. The model must be fed by real-time data streams to keep scores current and actionable.

Investing in IAM and AI-driven detection yields immediate cost avoidance by narrowing the attack surface and catching anomalies early. Phased spending - first on data foundations, then on predictive analytics - ensures that each dollar spent demonstrably reduces incident likelihood.

Embedding ownership at the unit level creates a self-reinforcing loop where risk owners are accountable for score improvements, driving continuous refinement. Finally, publicizing risk metrics to investors and rating agencies builds transparency, which can lower financing costs and boost ESG performance.

In short, the MTN playbook shows that disciplined, data-first risk management is not a cost center but a profit engine that pays for itself while elevating reputation.

Q: How quickly can a risk-score model be implemented?

A: A pilot can be launched in 8-12 weeks using existing data sources, with full rollout across the enterprise typically completed within six months.

Q: What upfront investment is required?

A: Initial costs center on a risk-scoring engine ($1-1.5 million), IAM platform ($1.2 million) and data integration ($500 k), totaling roughly $3-3.5 million.

Q: How does risk reduction affect ESG ratings?

A: Transparent risk metrics and demonstrable incident declines are key criteria for ESG assessors, often resulting in rating lifts of 5-6 points, as seen with MTN.

Q: Can the model be adapted to other industries?

A: Yes, the weighted scoring framework is sector-agnostic; only the weight assignments and data inputs need tailoring to reflect industry-specific risks.

Q: What ongoing costs should be expected?

A: Ongoing expenses include dashboard maintenance (≈$200 k/year), IAM licensing (≈$150 k/year) and AI model tuning (≈$250 k/year), offset by the savings from fewer incidents.
