Over the past decade, digital connectivity in Africa has witnessed a remarkable spike, with an estimated 500 million internet users attributed to the ongoing expansion of mobile network infrastructure. This growth has prompted the adoption of digital technologies in various sectors of the African economy, like agriculture, security, finance, education, government, and manufacturing. However, recent cyberattacks targeting prominent companies like Flutterwave, TransUnion, Eskom, and the Electricity Company of Ghana (ECG) underscore the critical need to prioritise cybersecurity in business strategies and policy formulation.
The current state of cybersecurity in Africa
As businesses embrace digital data storage and rely on cloud services to store sensitive information, they get exposed to the vulnerability of digital fraud. The prevalence of cybercrime, including hacking, ATM scams, malware attacks, phishing, electronic card fraud, identity theft, denial of service attacks, and Business Email Compromise fraud, is increasing and has become a thorn in the flesh. In Nigeria alone, the annual cost of cybercrime to the economy exceeds $13 billion.
As digital connectivity growth in Africa brings opportunities, it also comes with challenges for cybersecurity professionals and employees at all levels of organisations. As the continent embraces the digital revolution, assessing cybersecurity awareness across sectors for prevention and safety measures against cyber attacks has become pertinent.
Strengthening security infrastructure will catalyse digital economic growth in Africa and instil investor confidence. Nevertheless, an inadequate legislative framework and lack of advocacy and awareness about cybersecurity among the people contribute to a rise in online transaction threats.
Africa has suffered various forms of cyberattacks. With the surge in online transactions and data-driven operations, businesses have become targets for sophisticated cybercriminals. Cases of payment card fraud on e-commerce platforms are widespread. For instance, Nigeria was ranked 32nd in data breaches in the first quarter of 2023, with 82,000 leaked accounts, a 64% increase from the previous quarter. Also, Ghana experienced a loss of $4.32m to cyber fraud between January and June 2023. In October 2020, Uganda suffered a significant hack, where hackers used around 2,000 mobile SIM cards to access the system and stole an estimated $3.2m.
As consumers shift towards e-commerce and digital solutions, their focus on personal online security grows, particularly when making cross-border purchases. As internet penetration and connectivity rise, critical infrastructure in Africa becomes more vulnerable to cyberattacks.
Yet, about 90% of African businesses lack cybersecurity protocols, leaving them vulnerable to cyber threats. The rapid growth of the digital ecosystem in Africa has outpaced the development of laws and policies related to cybersecurity. This could compromise data integrity, business operations, and indirect attacks that can disrupt supply chains.
The importance of cybersecurity awareness for African businesses
Africa’s cybersecurity development is in its infancy stage, both in terms of infrastructure and regulations. Strengthening security infrastructure will catalyse digital economic growth in Africa and instil investor confidence. Nevertheless, an inadequate legislative framework and lack of advocacy and awareness about cybersecurity among the people contribute to a rise in online transaction threats.
Businesses and financial institutions must prioritise cybersecurity awareness, engage in regular risk assessments and proactive measures, stay informed and vigilant, maintain a strong security posture, and safeguard against cyber threats, attacks, and vulnerabilities.
The role of governments and organisations in cybersecurity
Many countries globally have implemented national cybersecurity frameworks and established institutions to combat cybercrime and leverage international cooperation. But in Africa, only 39 out of 54 African countries have legislation promoting cybersecurity. Institutions such as the Central Bank of Nigeria and national cyber-response organisations in Tunisia, Ivory Coast, Morocco, and Kenya have warned businesses and citizens about rising cyber threats and cautioned them to strengthen security measures. Despite these efforts, many African states still need dedicated public cybersecurity strategies. To combat the surge of cybercrime in Africa, governments must prioritise cybersecurity.
Africa can mitigate the risks of unauthorised access, data breaches, and cybercrimes by ensuring the security of sensitive information. This commitment will inspire investor confidence and foster the growth of Africa’s digital economy.
Organisations should embrace emerging technologies and innovations with the propensity of enhancing security, and they should conduct regular security assessments and audit the effectiveness of their existing security controls. They should also employ encryption practices to safeguard personal information, making its access useless to unauthorised individuals in the likelihood of a cyberattack.
Small-scale businesses should implement robust security measures for their electronic devices to protect against cybersecurity threats. While single access control is commonly used, adopting multi-level access control has proven more effective. We should only grant access to business partners with multi-level security clearances.
Cybercriminals are fond of creating viruses to infect vulnerable devices, while Trojans are hidden in programs to erase a device’s software. To guard information, businesses and consumers should use regularly updated antivirus programs. They should also be cautious of unnecessary app permissions that request access to data and functions. Robust security measures should be implemented to safeguard information during transactions, and regular testing of cybersecurity measures is essential to evaluate the effectiveness of the strategy and defenses.
In addition, improved international cooperation and information exchange are vital in combating cybercrime and driving ACFTA in Africa. The African Union (AU) has introduced the African Union Convention on Cyber Security and Personal Data Protection to foster cooperation among member states. Countries like South Africa, Kenya, and Nigeria have implemented comprehensive cybersecurity frameworks and agencies. Nevertheless, African leaders should increase their commitment and allocate more resources to cybersecurity initiatives, including infrastructure development, awareness campaigns, and global engagements. They should address the low ratification of digital policy instruments, such as the Malabo Convention and the Budapest Convention.
Lastly, Africa’s internet economy is anticipated to contribute $180 billion by 2025, with a projected increase to $712 billion by 2050. Owing to the significance of this sector to trade, policymakers must establish a comprehensive cybersecurity policy and strategy to integrate cybersecurity into government initiatives, allocate resources, and set up agencies with adequate funding to implement the plan and enhance the country’s cyber-resilience. We must reduce security risks as cyber threats indicate our weaknesses.
