Cyberspace is Africa’s new nervous system. From Algiers to Cape Town, the internet is changing people’s lives and transforming economic sectors such as agriculture, banking and transport. The rapid adoption of smartphones combined with the world’s youngest population have helped position Africa first on the global internet penetration growth ranking. Digital connectivity increased from 167.3 million people in 2012 to 412 million as of December 2017, hinting at a promising future.
Africa’s participation in the global digital economy is now a reality. By 2020, the digital economy will account for over 26% of global GDP, and even by the most conservative estimates, Africa is expected to benefit from that. However, many countries need to do more to realize their digital potential. Africa’s digital revolution is not just a matter of connectivity and access, it is about implementing meaningful policies that allow public and private sectors to participate in the new economy. While the digital divide was a significant barrier to development in the 1990s, the lack of adequate cyber policies could now prevent Africa’s progress and create a new gap.
Africa’s cyberspace is a hotbed of risk. Governments and private companies are facing an explosion of cyber threats. The wider public is affected by malware intrusions, financial cybercrime, phishing attacks and mass surveillance. Cybercrime in Africa is increasingly sophisticated, generating exorbitant financial losses. In 2016 alone, the cost of cybercrime was estimated at $2 billion, with $550 million in losses for the Nigerian economy. The situation is worsened by a lack of technology and skills to fend off such attacks.
Africa’s digital ecosystem is a vibrant and growing space offering a multitude of benefits. However, several countries remain weak when it comes to dealing with the related challenges. Indeed, very few governments have implemented national cyber strategies, making Africa’s online ecosystem one of the most vulnerable in the world. Only 20% of African states have put into place a legal framework for cybersecurity, while just 11 countries have adopted substantive laws on cybercrime. Even where laws and procedures exist, legislative cycles lag behind the rapid pace of innovation in the digital economy.
Building a resilient cyberspace is a challenging political task. In 2014, the African Union (AU) took an important step towards greater digital safety by adopting the Convention on Cyber Security and Personal Data Protection (2014). The document aims to improve how African states address issues from cybercrime to personal data protection and e-commerce.
The pan-African AU chose to develop its own legal tool instead of promoting participation in existing international treaties - such as the Budapest Convention on Cybercrime (2001). The idea was to spark a fruitful continental debate on cyber risks and challenges, and coordinate member states’ emerging policies. Yet in reality, this has not happened.
African countries have proven cautious in implementing a coherent continental strategy. Since the adoption of the Convention, only 9 out of 55 AU member states have signed it. In 2017, Ghana was the only member that signed the Convention. Senegal remains the sole country that ratified it, meaning we are far short of the 15 ratifications required for the convention to enter into force. The top four African powers, namely Algeria, Egypt, Nigeria and South Africa, have not yet signed. This unexpectedly low level of participation proves that member states are reluctant to implement a common cyber governance system, prioritizing sovereignty and independence.
In 2014, international stakeholders welcomed the AU Convention as a first step towards Africa’s cyber development, despite some criticism of the vague provisions on access to personal data. The African Union at least tried to engage member states and Regional Economic Communities (REC) on the issue. Yet three years after the adoption of the Convention, Africa’s digital revolution is held back by a lack of political action.
The African Union has to use its resources and expertise to mobilize its members. Member states have to implement best digital practices and stay up to date with innovation. National policies and legal frameworks need to be harmonized. Any individual effort is certainly doomed to failure.
Providing compatible laws within each Regional Economic Community would certainly improve matters. Furthermore, the African Union has to work very closely with countries still lacking cyber agendas. After all, article 24 of the Convention stipulates that states have to design and implement a national cybersecurity policy.
Successful political action requires leadership at the very highest level. African leaders have the responsibility to protect their societies against emerging cyber risks while respecting online privacy. This demands a multi-stakeholder conversation between governments, the private sector and civil society organizations.
Moreover, member states can benefit from participating in international initiatives such as Cybersecurity Due Diligence across Africa, developed by the Global Forum on Cyber Expertise, which supports states in drafting national cybersecurity frameworks.
A resilient cyberspace is vital to fulfilling Africa’s potential and meeting society’s rising expectations. This demands pragmatic political action, good cyber governance, an agile regulation system and an effective agenda that treats cyberspace as a common public good.