The African cybersecurity market was valued at $2.5 billion in 2020 and is projected to increase in value to $3.7 billion by 2025, which encompasses the amount organisations are investing in their cybersecurity capabilities.
However, it is estimated that Nigeria, South Africa, Kenya, Egypt and other parts of the region lose more than $3.5 billion yearly due to direct cyberattacks, and billions more from missed business opportunities caused by the resulting reputational damage from the attack.
These information are contained in a white paper published this month, which called for a comprehensive and forward-looking agenda for the continent’s approach to cyber-security.
The paper, titled: “Cybersecurity in Africa: A Call to Action” provides a four-point agenda of concerted efforts that are required to tackle the core of the problem. These are the need to elevate cybersecurity on the regional policy agenda; secure a sustained commitment to cybersecurity; fortify the ecosystem and build the next wave of cybersecurity capability.
The White paper stated that it is, therefore, crucial that the region steps up coordinated efforts to address growing cybersecurity risks.
According to it, the region’s growing strategic relevance, due to its economic development and evolving digital landscape, makes it a prime target for cyberattacks. It noted that cyber resilience is generally low, and countries have varying levels of cyber readiness.
Specifically, countries in the region lack the strategic mindset, policy preparedness, and institutional oversight needed to address cybersecurity issues. The absence of a unifying framework, even among the most prepared countries, makes regional efforts largely voluntary. This leads to an underestimation of value at risk and significant underinvestment.
In addition, because cyber risk is perceived to be an information technology (IT) problem rather than a business problem, regional businesses do not have a comprehensive approach to cybersecurity. The region’s nascent cybersecurity industry faces shortages of homegrown capabilities and expertise. Products and solutions are fragmented, and there are few comprehensive solution providers.
The report identified four drivers that will increasingly expose Africa to outsized cyber risk: The growing interconnectedness and flow of people, goods, and information across the region with the realization of the African Continental Free Trade Area (AfCFTA) will intensify systemic risk. This means the region will only be as strong as its weakest link.
Secondly, widespread socioeconomic difficulties—accelerated by the COVID-19 pandemic, food crises, and inflation—have led to diverging national priorities and a varying pace of digital evolution, which will continue to foster a sustained pattern of underinvestment.
Thirdly, countries’ hesitancy to share threat intelligence, often because of mistrust and a lack of transparency, will lead to even more porous cyber defense mechanisms and technological advances will render threat monitoring and responses more complex, particularly given the rise of encryption and multi-cloud operations, the proliferation of Internet of Things devices, and the convergence of operational technology (OT) and IT environments.
According to the White paper, responses to these cybersecurity challenges must be comprehensive and collaborative, stressing that they will require input from multiple stakeholders to deal with large-scale cyber threats and enable Africa’s unobstructed leap into the global digital economy.
Foremost, it said this will also require an active defense mindset that sees countries working together to defend and leverage Africa’s resources.
“Africa needs a comprehensive agenda to address its low cyber resilience, deal with the scale of cyber threats, and ensure Africa’s unobstructed leap into the digital economy,” said Partner at global management consultancy Kearney, Rob van Dale.
