Stakeholders in Africa’s cyber security ecosystem must be more proactive in leveraging public-private partnerships to strengthen cyber resilience, protect assets, comply with regulation/policy, and bolster the continent’s digital transformation process.
This is one of the main points raised at the introduction of a Cisco white paper ‘Elevating Africa’s Cyber Resilience’, unveiled to media this week in Midrand.
The research focuses on three key areas – people, technologies and policy, and is the result of collaboration between Cisco, public policy consultancy Access Partnership, and the Centre for Human Rights at the University of Pretoria.
The white paper states that while cyber security is a global challenge, Africa faces the most significant impact from cyber threats compared to any other continent. The research considers the frequency of malicious attacks and the level of cyber security commitment. The findings reveal that 75% of countries in Africa are categorised as 'high exposure'—meaning these nations are highly vulnerable to cyber risks.
Charmaine Houvet, senior director of government strategy and policy at Cisco Africa, said, “Africa is one of the fastest-growing regions in the world for internet penetration and the use of mobile-based financial services, making it an increasingly attractive target for cyber criminals. Businesses and the public sector urgently need to increase cyber resilience to compete globally, change the continent’s economic path and attract investment.”
Africa faces the most significant impact from cyber threats compared to any other continent.
According to Cisco, with combined GDP expectations of over $4 trillion by 2027, Africa has the potential to be an economic powerhouse.
Yet cyber security poses a huge risk. According to data cited in the study, cyber crime cost Africa more than 10% of its GDP in 2021, equating to roughly $4.12 billion in losses.
Additionally, the frequency and complexity of cyber attacks have escalated, posing a substantial barrier to the continent's socio-economic development.
In the second quarter of 2023, Africa experienced its highest average number of weekly cyber attacks per organisation, reaching 2,164 attacks, a 23% increase from the same period in 2022.
The growth of cyber attacks outpaces the development of effective response mechanisms, including robust regulatory frameworks and the training and upskilling of defenders.
Acute skills shortage
Africa faces a severe shortage of cyber security professionals, with digital literacy gaps especially pronounced in rural areas and among women. Limited training programmes and resources exacerbate this issue.
In 2023, even with a combined population of 280 million people, Nigeria had only 8 352 cyber security professionals, while South Africa had 57 269.
Compared to the US, with a cyber security workforce of 482 985, and Brazil, with 231 921, it becomes clear how far the continent lags behind even by this simple metric highlighting the urgent need for targeted educational initiatives and skill-building programmes.
It was pointed out that the figure of 57 269 in South Africa does not distinguish between individuals in legitimate organisations and those recruited by organised crime syndicates.
The fact is that emerging technologies and skills are accessible to both ‘sides’ in the cyber security war.
Sectors such as manufacturing and energy exhibit relatively higher percentages of proficient cyber skills, while financial services and public administration face acute demand due to regulatory scrutiny and frequent cyber attacks.
Public and private sector collaboration is essential to closing this skills gap, the company added.
“Entities in the private sector can scale learning initiatives to improve career opportunities, boost employability and build the necessary skills required for jobs of the future,” said Houvet.
According to Cisco, over the last 25 years, it has invested over $180 million and educated more than 1.6 million students in digital and cyber security skills across the continent via its Networking Academy program.
“In 2022, we pledged an additional $200 million to be spent over the next decade to train 3 million more students in digital skills and cyber security in Africa.”
Outdated technology
Cyber attackers target Africa's critical infrastructure, using advanced techniques like AI for sophisticated attacks. Common vulnerabilities include malware, social engineering, and credential compromise.
The research also showed that 94% of South African organisations reported being targeted by phishing attacks in 2023, highlighting the need to build cyber security resilience and deploy advanced cyber security technologies.
These include encryption and cryptography, security information and event management (SIEM) systems, and cloud computing. AI and machine learning (ML) technologies are becoming more sophisticated, and even blockchain is being employed to enhance security.
Cisco said 39 of 54 African nations have implemented cyber security legislation. However, with the increase of inter-African trade and travel, there is a growing need for a more harmonised approach.
“Governments must collaborate to develop, review, and update comprehensive legislation to address new and emerging cyber security issues, including the protection of vulnerable and marginalised groups. Initiatives such as the adoption of the Malabo Convention and the AU's Continental Cybersecurity Strategy are positive steps forward,” said Houvet.
Share