Africa must act now to address cybersecurity threats. Here's why

The ability to protect the data of partners and clients is today one of the fundamentals behind every business decision. Today’s fluid financial markets provide a plethora of access points for malicious actors to penetrate systems and acquire data. These have to be protected.

A system is only as strong as its weakest point. Therefore, as communication and financial networks become globalised, impregnable cybersecurity is becoming a prerequisite for investment in any territory.

However, cybersecurity on the African continent remains challenging and many companies are unprepared for cyber attacks.

In addition, only a handful of countries have laws in place to protect consumers and businesses. The Global Cybersecurity Index (2021) shows that of 54 African countries assessed, only 29 have introduced cybersecurity legislation.

In 2022, 52% of companies in Africa believed that they were unprepared to handle a large-scale cyber attack.

The reality is grimmer; Interpol’s Africa Cyberthreat Assessment Report found that more than 90% of businesses on the continent were operating without the necessary cybersecurity protocols.

African organizations are not giving cybersecurity the priority it deserves and this inadequate security is directly affecting business for enterprises, as well as countries.

According to Techcabal, Africa is losing $4 billion annually to cybercrime. However, cybercrime hurts companies beyond their financials, leading to data loss, theft of intellectual property and financial and/or personal information, and damage to brand and reputation.

Africa’s poor cybersecurity also means the region is now targeted by cybercriminals as the “soft underbelly” of global business networks. In Africa, many countries have seen a rise in digital threats and malicious cyber activities.

Ironically, Africa’s rapid technological evolution makes the region an attractive target for cybercriminals. This is slowly changing, though, with countries such as Kenya and Zambia implementing new cybersecurity laws.

New anti-piracy legislation is helping to build confidence in Africa as a business destination with the ability to limit – and hopefully eventually eliminate – copyright theft.

US companies are investing heavily in Kenya, following amendments to the latter country’s Copyright Act to block infringing domains on internet service provider networks.

Real actions are also being taken to tackle piracy. The Kenya High Court recently ordered internet service providers (ISPs) in the country to permanently block sports websites infringing on copyrighted material.

This pivotal decision follows a lawsuit that sought to compel the ISPs to block live sports streaming sites on their networks.

However, the region remains a major battlefield in the global cybersecurity wars. Irdeto, which provides worldwide digital platform cybersecurity solutions, focuses extensively on Africa, in our efforts to fight piracy and protect content, networks and intellectual property.

In terms of the financial implications of building robust cybersecurity, African organizations could benefit from a mindset change. Instead of talking about costs and financial barriers, the focus should be on risk-based decision-making.

The conversation should be about identifying and ranking risks, determining which are critical and above an organization's risk threshold, and addressing those.

In the past, maturity-based cybersecurity approaches have been the norm. These approaches focus on building certain capabilities, but can lead to a “monitor everything” mindset, with inefficient spending, operational gridlock, and teams spread too thin.

Risk-based decision making is a paradigm shift towards a strategic focus where the efforts with the best risk-reduction return on investment (ROI) get the most resources.

Having said this, when reducing enterprise risk, the best ROI is often in employee awareness and training. Researchers from Stanford University in the US found that around 88% of all data breaches are caused by an employee mistake.

The human element in cybersecurity is less about deliberate crimes, and more about innocent mistakes by people who fall prey to seemingly legitimate emails with malicious links.

The same people will fail to apply basic security measures such as limiting permissions on cloud databases.

Despite some progress, Africa needs to further enhance its cybersecurity and improve confidence in its data-protection methods.

A powerful first step towards doing this would be to form an African cybersecurity/data protection forum to implement relevant cyber and security laws to protect Africa from cyber attacks.

Other strategies should include public awareness campaigns, enhancing cybersecurity capabilities, improving regional collaboration, and strengthening public-private partnerships.

In the corporate space, firms should take steps to protect their content, brand, and investment against cyber threats.

They are not alone in this endeavour, and there are third-party experts who can support them in building cyber resilience and enhancing their investment appeal.

Once African organizations understand the cyber threats they face, they can define their strategy, deploy resources and build towards a complete solution.

The ideal outcome is digitally secure African companies and organizations that offer security for themselves, their partners – and the global networks of which Africa is an inextricable part.