African firms worry over state cyber safeguards

At least four in 10 companies in Africa lack confidence in their governments’ preparedness to respond to a major cyber security incident, a higher proportion than other regions globally. And the findings may highlight poor national investments in cybersecurity across the continent.

This means that a large number of organisations on the continent worry that should there be a major cyberattack, they may suffer serious economic losses and damage as their governments don’t have sufficient safeguards in place to mitigate the impacts.

The latest Global Cybersecurity Outlook published by the World Economic Forum this week reveals that while several companies lack confidence in national cybersecurity preparedness, organisations in Africa are generally more worried.

Based on a survey done by the global think-tank, 36 percent of African companies lack confidence on their countries’ preparedness to handle cyber incidents, compared to just 15 percent in Europe and North America, and zero percent in the Oceania region.

Only nine percent of firms in Africa are “very confident” in their governments’ cybersecurity preparedness, while the proportion rises to 13 percent, 17 percent, and 25 percent in Europe, North America, and Oceania respectively.

Experts in the industry say they are “not surprised” by these findings, as many African countries are yet to give priority to cybersecurity despite growing evidence that cyberattacks are increasing in number and sophistication.

“I am not so surprised by the difference in the lack of confidence in Africa versus Europe and North America, because there are distinct differences in terms of cybersecurity investments and human resources,” said Isabelle Meyer, Co-CEO of Zendata Cybersecurity.

“In North America and Europe, the investment toward different enforcement of [cybersecurity] regulations, PPPs (Public-Private Patnerships) started over 20 years ago. In Africa, there’s barely any comprehensive regulation of cybersecurity, she said, adding, “Africa has less cybersecurity professionals, less infrastructure, less cybersecurity operations centres, so it only makes sense that organisations there would be worried about cybersecurity readiness.”

Notably, smaller organisations have reported struggling with cyber resilience more than larger ones, and in Africa, the vast majority of companies are small, in terms of turnover, employee count and profit.

Globally, the number of small organisations reporting ‘insufficient’ cyber resilience, according to the WEF survey, has risen from five percent in 2022 to 35 percent this year, while large firms have improved, with those still struggling reducing to seven percent from 13 percent.

The difficulties building cyber resilience have been compounded by a number of factors, including escalating geopolitical tensions, the rapid adoption of new technologies and increased sophistication of attackers.

Geopolitical tensions, linked to the rise of cyber espionage – the illegal gathering of sensitive information from a company, individual or government for use to an opponent’s political or economic advantage – have become a real headache for companies globally.

About 60 percent of companies globally say geopolitical tensions have affected their cybersecurity strategies, and over a third of CEOs say it has heightened the risk of cyber espionage.

Kenya has recently been a victim of a major cyber-attack fuelled by geopolitical tensions, specifically the war in Sudan and Nairobi’s involvement in attempts to mediate between the warring parties.

In July 2023, Kenya’s e-Citizen platform – an online portal for accessing over 5,000 government services – was hacked by a group of hackers known as Anonymous Sudan, halting service delivery for over 24 hours.

The attack came just a month after the Sudanese junta leader rejected the appointment of Kenyan President William Ruto by the regional bloc the Inter-Governmental Authority on Development (Igad) to lead mediation between the warring forces in the country.

Several other countries across the globe, including the United States, have also recently recorded incidents of cyber-attacks linked to geopolitical foes, and in most cases, as it happened in Kenya, the impact spills over to the private sector.