Connecting Africa is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 3099067.


Cyberattacks in Kenya, SA & Zambia grew 76% in 2022 – Liquid C2

Article Image
The number of cyberattacks on businesses in Kenya, South Africa, and Zambia increased by 76% during 2022, according to a new report from Liquid C2 titled: The Evolving Cyber Security Landscape in Africa 2022.

The report shows that cyberattacks against all large enterprises ramped up dramatically. Kenyan businesses reported an 82% increase in such attacks, while incidents increased 62% in South Africa and Zambia.

"The biggest concern emerging from this report is that companies are saying that they've put a lot more cybersecurity controls in place. With threats evolving faster than security systems, companies cannot afford to get complacent," said David Behr, CEO of Liquid C2.

"The report highlights that businesses must be consistently vigilant about the ever-evolving cybercrime landscape and the methods malicious actors use to breach cybersecurity measures. As the report shows, complacency is a luxury no one can afford," Behr added.

Liquid C2 is a business of pan-African Liquid Intelligent Technologies and offers managed cloud and security services, product solutions, related professional and advisory services to customers in 22 African countries.

The report found that most respondents had advanced significantly in their cloud and digital strategies and cybersecurity capabilities but that the threat landscape continues to evolve.

"Increasingly sophisticated methods like Cybercrime-as-a-Service (CaaS) are becoming more popular in Africa, meaning businesses can no longer rely on outdated technologies and processes," Behr said.

This was the third edition of the Liquid C2 Cyber Security Report, and the survey sample comprised IT and cybersecurity decision-makers across multiple industries and sectors in South Africa, Kenya and Zambia.

Cyberthreats growing

The research highlighted that over half of all large enterprises in the three countries were victims of a successful cyberattack. The hardest hit was Kenya, where 90% of businesses reported experiencing a data breach in the past year and 82% of Kenyan businesses believe cybersecurity threats grew in 2022.

"This high number talks to how cybersecurity breaches and cybersecurity incidents are growing and how successful they're becoming," Executive Head of Cloud and Cybersecurity for East Africa Richard Muthua said during a virtual press briefing for the report.

On the other end of the scale, only 17% of Zambian businesses reported experiencing a data breach in the past year but 62% of businesses still believe cybersecurity threats had increased over the twelve months.

Liquid C2's Executive Head of Cloud and Cybersecurity in Zambia, Shuko Chunga, said he was surprised by the low breach rate in the country and believes this might be due to not all cyberattacks not being detected properly.

"I'm not sure if this is a lack of knowledge of the breach because it's one thing to know of the [attack] and it's another thing to know whether you were actually breached or not. Because the habit tends to be that people do have access to systems for a while before people actually detect a breach. So 17% seems a bit low for me," he told journalists.

Meanwhile, 56% of South African businesses experienced a data breach in the past year and 77% said they saw an increase in attacks compared to the previous year.

Cyber skills shortage

One of the most concerning findings in the report is that Africa faces a growing 100,000-person gap in the number of certified cybersecurity professionals.

Reports estimate that there are only 7,000 certified cybersecurity professionals – about one for every 177,000 people on the continent.

"However, this number may disguise the true magnitude of the problem as there is no readily available data on the level of investment made by African governments into cybersecurity," Liquid C2 said.

Most companies interviewed in the research said they had appointed cybersecurity staff members or signed up with a cybersecurity team in the past year. Kenya had the highest percentage of firms that had done so (82%), followed by South Africa (63%) and Zambia (62%).

"We need to remember this is an emerging field. The shortage of skills is a reflection of the fact that this is a dynamic field. There's a lot of demand for cybersecurity people and there's a limited supply of them. So whilst organizations will hire, they'll hire effectively based on what is available and I've noticed in the financial services sector especially, there is a challenge in finding people," Chunga added.

"I think this speaks a great deal to the services that we offer around managed security operation centers and our ability to help people bridge that gap in the meanwhile was there looking for those skills in the market," he said.

"Around 63% of businesses have appointed cybersecurity staff [in South Africa] and I think that's actually one of the items that I think is most significant. It also shows that customers take security more seriously, as they've appointed people specifically to look at their security and [this was also evident] within small and medium-sized enterprises (SMEs)," Group Head of Liquid C2 Cybersecurity, Ignus de Villiers, said about the South African market.

The email threat

The top method of attack used by cybercriminals targeting companies across the countries was through email, using phishing or spam attacks with 61% of respondents experiencing this type of occurrence; attacks through compromised passwords followed at 48%; and then data breaches and attacks were the third most common at 44%.

Despite this, only 31% of businesses in Zambia and 26% of Kenyan businesses used email content filtering and malware detection tools. In South Africa, the number was higher at 46%.

Overall, 61% of the companies included in the research said that the breaches to their operations occurred due to remote or hybrid working.

In SA, 46% of businesses used a hybrid work model – with some employees working from home and some from the office – while 45% of Zambian businesses were hybrid and 38% of Kenyan businesses.

The top method of attack used by cybercriminals targeting companies in Kenya, South Africa, and Zambia was through email phishing or spam attacks.   (Source: Image by on Freepik).
The top method of attack used by cybercriminals targeting companies in Kenya, South Africa, and Zambia was through email phishing or spam attacks.
(Source: Image by on Freepik).

Almost 70% of Kenyan businesses believe the biggest cybersecurity threat they face is email attacks like phishing and spam.

"In terms of what [Kenyan] customers have invested in for security protection, we've seen advanced threat protection being key and also things like firewalls, so a lot of customers or users are concentrating on the perimeter [with 85% spending on this]. We're also seeing data backup as an investment that is coming up, because data is becoming so important now, there has to be some focus on investing in data backup to protect that data [with 65% of businesses investing in this]," added Muthua.

In Zambia, 45% of companies were concerned with the theft of confidential information and 38% were concerned with compliance issues for cloud-based services when data is stored in other jurisdictions.

"Compliance with the regulatory challenges when data is stored in other jurisdictions is a genuine concern. But I think it's also something that's not often discussed. In many cases, the compliance requirements are difficult to achieve currently within the Zambian market. This is not necessarily that businesses don't want to comply. It's also just a misalignment between the expectations and what is possible in the short period of time. And this is particularly a challenge for large organizations and international ones specifically," Chunga said.

In South Africa, the top three concerns around cybersecurity in 2022 were: hackers gaining unauthorized access to the organization's information systems and assets (67%); Cyberattacks including ransomware, other malware and phishing (54%); and data loss (27%).

Spending on cybersecurity

The executives from all three markets believe that spending on cybersecurity will increase in their country.

Chunga said in Zambia, an increase in spending on cybersecurity is expected for several reasons, the most pressing being changes in local legislation.

"We have the Cyber Security Act of 2021 that mandates specific actions and systems be put in place that relate to cybersecurity, this at a nationwide level but also impacts businesses," he told Connecting Africa.

"Most recently last month, the central bank also issued guidelines for all financial services organizations that are regulated by central bank to implement specific things around cybersecurity. So, they must have cybersecurity staff, they must run a Security Operations Center, data must be managed in a specific manner. And obviously, that requires some spend to be able to execute against, so the amounts that organizations will tend to spend, will grow. They have to, it's a legislative requirement, but I think that also feeds down into the market," Chunga added.

Muthua said that regulatory interventions were pushing cybersecurity adoption and spending in Kenya and that local businesses were being forced to spend more since breaches are growing. Breach levels are at 90%.

"I think the growth of spending in cybersecurity will also be accelerated by market knowledge. There's still a very big gap when it comes to market knowledge around cybersecurity, cyber breaches, what needs to be done, and the risks. So, these are some of the things that we see in this market that will grow the spend or are already growing the spend in cybersecurity," Muthua explained.

"Currently, from an economic perspective, it's tough times throughout the world. But specifically related to South Africa, we do see that there is an increase in spending [on cybersecurity], which is a good sign and important that it is done. You won't be able to defend yourself if you stick to what you have," added de Villiers.

Liquid C2 operates Africa's widest Azure Stack deployment across four countries and deployed the only African Cyber Security Fusion Centres in South Africa and Kenya, with another four to be launched in 2023.

Related posts:

*Top image source: Image by Freepik

— Paula Gilbert, Editor, Connecting Africa

Innovation hub


Four agritech startups to watch in 2024

Connecting Africa has compiled a list of four agritech startups that are making a difference in the communities they serve.


Paymentology looks to strengthen its African roots

Global issuer-processor Paymentology's CEO Jeff Parker spoke to Connecting Africa about the company's African roots and aspirations to work with more banks, fintechs and enterprises both on the continent and globally.

More Innovation hub

Latest video

More videos

Partner perspectives

All Partner Perspectives

Sponsored video

More videos

Industry announcements

More Industry announcements

Upcoming events

Africa Tech Festival 2024
November 11-14, 2024
Cape Town, South Africa
More Upcoming events

Africa Tech Perspectives


Uber's Marjorie Saint-Lot on inclusion and sustainability in Africa

Uber's Country Manager for Ghana and Cote d'Ivoire, Marjorie Saint-Lot, shares how the ride-hailing company is approaching public-private partnerships, environmentally friendly initiatives and gender inclusion in Africa.


The 100 most influential African leaders in 2023

A new report from Africa Tech Festival and Connecting Africa puts a spotlight on the top 100 African leaders in the telecoms and technology sector in 2023.


Deep dive into East Africa's tech startup ecosystem

New survey reveals a lack of access to investors, reliance on international VCs and global recession trends as the biggest barriers for East African tech startups to access funds.

More Africa Tech perspectives

Guest Perspectives


Omdia View: February 2024

By Omdia Analysts

Highlights in February 2024 in the Middle East and Africa included 5G launches in Senegal and 5G trials in Egypt as well as Kenya's first 5G MVNO. Airtel also launched a new wholesale connectivity business while MTN and Huawei are planning a joint Innovation Technology Lab in South Africa – that and more in this month's Omdia View.


Omdia View: January 2024

By Omdia Analysts

Highlights in January 2024 in the Middle East and Africa included a $200 million fintech deal between MTN and Mastercard as well as 5G network trials by Telecom Egypt – that and more in this month's Omdia View.

More Guest Perspectives

Like us on Facebook

Newsletter Sign Up

Sign Up
Tag id test-002