Cyber awareness: How one leader is taking cybersecurity mainstream

Cybersecurity and pop culture are not the most obvious of pairings. Yet one cybersecurity expert is successfully harnessing the latter to educate some of those most vulnerable to online attacks.

Confidence Staveley, Founder and Executive Director of CyberSafe Foundation, is on a mission to bring cybersecurity smarts into the mainstream and to address the inequalities of the sector.

She was behind Africa’s first Afrobeats cybersecurity awareness song – “It sounds like you’re dancing at a party, but then you're hearing about two-factor authentication, you're hearing about password length” – and has co-opted social media to get her message about cyber hygiene across to younger generations.

In an interview with the World Economic Forum, Staveley detailed the various cybersecurity programmes she has pioneered – and the extraordinary personal stories that have unfolded as a result.

In the cybersecurity field, women account for just under a quarter of the workforce. And at the same time, “they are more likely to become victims of cybercrime”, says Staveley. It’s why she set up the DigiGirls and CyberGirls programmes, which empower women in underserved communities in Africa to gain cybersecurity skills and a career pathway.

“We've had so much feedback around how the cybersecurity awareness component of that training has really just helped young women protect themselves and their families. We hear about how phishing emails … they never knew how to distinguish phishing emails from legitimate ones, and how that programme has really helped them.”

Staveley remembers one particular student from the CyberGirls programme, who came with zero digital skills:

“We taught her how to use computers and she made this promise that she's going to be the best graduating fellow in our programme. This young woman actually became the best graduating fellow, because she put in so much work. And she was quickly hired immediately after the programme, even though she didn't have a degree.

“This was a person who had to support her family by working a job that paid her about $10 per month. And then she took the skills we were able to give her, got into a job and then increased her earnings several percentages higher.

“She's now able to support her family and herself, and she is doing what she loves to do: she is finding vulnerabilities, for example, that could cost companies hundreds of thousands of dollars per year in terms of losses.

“And she's also come back to mentor the programme that she benefitted from. So I see how that is a full-circle moment. And it also confirms that when women have access, which is the biggest barrier to them coming into cybersecurity, they'll make the best out of it, and they will come out shining.”

Telling these stories is important, says Staveley, “not just as a way to attract more women and show them the possibilities here, but also [because they show] that competence in cyber can be synonymous with being a woman”.

Equity can be achieved, she says, by “creating a belief system that allows people of diverse audiences to be able to see themselves as key players and as likely success stories within our industry and providing the roadmap that helps them get there.”

Other underrepresented groups are also being helped by Staveley’s programmes. Shine Your Eye has reached over 100,000 senior citizens across eight African countries, vital when older generations have become huge cybercrime targets. In the US, for instance, the number of over-60s victims of cybercrime is more than five times the number of under-20s.

But young people need cyber education too, and Cybersmart Child aims to help children being targeted by cybercriminals for “grooming, sextortion and for all sorts of attacks”, says Staveley.

So far, the programme has helped 2,000 children in Nigeria, but the plan is to roll it out to a million children across Africa.

While Staveley focuses much of her attention on marginalized communities, she makes the point that certain types of organizations also need additional support when it comes to cybersecurity know-how.

Small and medium-sized businesses (SMEs) are “very, very vulnerable to very simple attacks”, she says, because they don’t have the budgets to procure the necessary cybersecurity talent to keep themselves safe. “There are way more SMEs in any country than there are large companies. So if we are ignoring them, then we are definitely opening way more doors to cybercriminals than we would like to admit.”

CyberSafe has set up specific programmes to help SMEs and Staveley says it’s having an impact. One SME they worked with was consequently “able to access more opportunities in more markets because they improved their cyber [knowledge] and they could talk about it”. And it also “saved them from business email compromise that they could have been vulnerable to if they hadn't gotten that education”.

But SMEs are still up against the fact that proactive security measures are costly and many companies will take the risk of not deploying them. Government-led incentives and subsidies are key to encouraging take-up, according to the World Economic Forum’s Global Cybersecurity Outlook 2025 report.

As her social media videos attest, Staveley approaches cybersecurity with a human touch.

She believes that “cybersecurity education shouldn't be something we do outside of the psychology of human interactions, because those two key things need to meet”. Staveley points out that with “most of the attacks today, the majority of them start with social engineering, which is just deception in very simple terms”.

And because cybercriminals are always trying to exploit our psychological weaknesses, it’s up to us as individuals to identify and be alert to these personality traits – and how they could make us vulnerable to attack. Staveley has narrowed them down to five personality types, using the acronym, OCEAN:

Open: “When you receive a phishing email, you're more adventurous and want to see what's on the other side than the average person.”

Conscientious: “These people are more likely to follow the rules. But then again, because they are following the rules, they are more prone to ‘authority’ attacks.”

Extroverted: “They really want to interact with people and open up to new experiences.”

Agreeable: “Very likely to become victims of cybercrime because they just want to be part of something that's happening.”

Neurotic: “They're less likely to fall for a lot of the ‘perception’ attacks. But then ‘authority’ is still a key thing.”

“Know thyself and you will win all battles,” Staveley quotes Sun Tzu at the end of her TEDx Talk. “That's something that both individuals and corporate organizations need to prioritize,” she says. “And it's not something that needs to be done, just as a one-off, it needs to be reinforced. It needs to be reiterated. It needs to be refreshed. I believe that these are some of the key ways we can protect people and organizations.”