Africa faces increased cyberthreats, security skills gap – Cisco
A new whitepaper from Cisco, Access Partnership and the University of Pretoria shows that Africa faces escalating cyberattacks alongside a severe shortage of cybersecurity professionals.
The frequency and complexity of cyberattacks have escalated in Africa, posing a substantial barrier to the continent's socio-economic development.
In the second quarter of 2023, Africa experienced its highest average number of weekly cyberattacks per organization, reaching 2,164 attacks, a 23% increase from the same period in 2022.
That's according to a new whitepaper titled Elevating Africa’s Cyber Resilience, from technology company Cisco in collaboration with public policy consultancy Access Partnership and the Centre for Human Rights at the University of Pretoria in South Africa.
The authors believe growth of cyberattacks outpaces the development of effective response mechanisms, including robust regulatory frameworks and the training and upskilling of cyber defenders.
"Africa is one of the fastest-growing regions in the world for Internet penetration and the use of mobile-based financial services, making it an increasingly attractive target for cybercriminals," said Charmaine Houvet, senior director of government strategy and policy at Cisco Africa.
"Businesses and the public sector urgently need to increase cyber resilience to compete globally, change the continent's economic path and attract investment," she added.
With combined GDP expectations of over $4 trillion by 2027, Africa has the potential to be an economic powerhouse, yet cybersecurity poses a huge risk, the report's authors said.
According to data cited in the study, cybercrime cost Africa more than 10% of its GDP in 2021, equating to roughly $4.12 billion in losses.
Globally, 2023 alone saw over 2,800 publicly disclosed data breaches, involving the theft of over 8.2 billion records. The whitepaper claims this represents just the tip of the iceberg, as countless more data breaches occur in lesser-known organizations.
When assessing the overall cybersecurity readiness of over 8,000 businesses across 30 global markets, Cisco's Index found that only 3% of respondent organizations fell into the "Mature (ready)" category.
Overcoming Africa's cybersecurity skill and gender gap
Africa faces a severe shortage of cybersecurity professionals, with digital literacy gaps especially pronounced in rural areas and among women. Limited training programs and resources exacerbate this issue.
Even with a combined population of 280 million people, as of 2023, Nigeria had only 8,352 cybersecurity professionals, while South Africa recorded 57,269. When you compare this to the US, with a workforce of 482,985 cybersecurity professionals, or Brazil, with 231,921, it becomes clear how far the continent lags behind even by this simple metric, the report said.
The whitepaper found that sectors such as manufacturing and energy exhibit relatively higher percentages of proficient cyber skills, while financial services and public administration face acute demand due to regulatory scrutiny and frequent cyberattacks.
A 2023 report from the International Information System Security Certification Consortium (ISC2) counted the global cybersecurity workforce at about 5.5 million, a 9% increase from 2022, and the highest recorded to date.
However, the World Economic Forum's Strategic Cybersecurity Talent Framework projects that the global talent shortage will reach 85 million workers by 2030, causing an estimated $8.5 trillion in unrealized annual revenue.
In the cybersecurity sector alone, in 2024 there is an urgent need for nearly 4 million professionals to bridge the talent gap with a rising demand for cloud computing security, artificial intelligence (AI) and machine learning (ML) skills in the cyber sector.
The digital literacy gap is especially pronounced among women in Africa who generally have limited access to Internet-based technologies compared to men. Less than 10% of cybersecurity professionals in Africa are women – significantly lower than the global average of 25%.
Cisco believes public and private sector collaboration is essential to closing this skills gap.
"Entities in the private sector can scale learning initiatives to improve career opportunities, boost employability and build the necessary skills required for jobs of the future," said Houvet.
Charmaine Houvet, senior director of government strategy and policy at Cisco Africa. (Source: Cisco)
She said over the last 25 years, Cisco invested over $180 million and educated more than 1.6 million students in digital and cybersecurity skills across the continent via its Networking Academy program.
In 2022, it also pledged an additional $200 million to be spent over the next decade to train 3 million more students in digital skills and cybersecurity in Africa.
Addressing vulnerabilities and opportunities
The rapid development of technologies such as 5G, robotic process automation and generative AI presents renewed opportunities for cybercrime.
Cyberattackers target Africa's critical infrastructure, using advanced techniques like AI for sophisticated attacks. Common vulnerabilities include malware, social engineering and credential compromise.
In 2023, 94% of South African organizations reported being targeted by phishing attacks, highlighting the need to build cybersecurity resilience and deploy advanced cybersecurity technologies.
These include encryption and cryptography, security information and event management (SIEM) systems, and cloud computing. AI and ML technologies are becoming more sophisticated, and even blockchain is being employed to enhance security.
By 2030, AI applications in sub-Saharan Africa – including countries like Ghana, Kenya, Nigeria and South Africa – are projected to generate an economic value of $136 billion, surpassing Kenya's current GDP.
Enhancing policy frameworks in Africa
Cisco said that 39 of 54 African nations have implemented cybersecurity legislation. However, with the increase of inter-African trade and travel, there is a growing need for a more harmonized approach.
"Governments must collaborate to develop, review, and update comprehensive legislation to address new and emerging cybersecurity issues, including the protection of vulnerable and marginalized groups. Initiatives such as the adoption of the Malabo Convention and the AU's Continental Cybersecurity Strategy are positive steps forward," the company said.
"Unlocking Africa's potential hinges on securing its digital transformation. Every African economy, irrespective of its stage of growth, must strengthen its security resilience: protect every aspect of their business, withstand unpredictable threats and emerge stronger. Now is the time for decisive action," concluded Houvet.
*Top image source: DC Studio on Freepik.
— Paula Gilbert, Editor, Connecting Africa