ADF STAFF
Cyberattacks cost African governments, companies and citizens an estimated $2.5 billion in 2020. That figure is likely to grow to $3.7 billion in the next few years partly due to a lack of coordinated, continentwide investment in cybersecurity.
Internet access is growing rapidly across Africa. Although internet penetration is 28% continentwide, it is more than 50% in Nigeria and more than 85% in Kenya, which are two of the continent’s top targets for cyberattacks.
South Africa, where nearly 72% of the population is online, spends a larger share of its economy on cybersecurity than any other African country, yet its citizens remain at risk of abuse by scam artists, criminals and other cybercriminals, according to Kearney, a global management company with an office in Johannesburg.
“The region’s growing strategic relevance, due to its economic development and evolving digital landscape, makes it a prime target for cyberattacks,” Kearney analysts wrote in a recent white paper. “The absence of a unifying framework, even among the most prepared countries, makes regional efforts largely voluntary. This leads to an underestimation of value at risk and significant underinvestment.”
The solution, Kearney analysts say, is to boost spending dramatically to create a continental hub for developing cybersecurity defenses.
“No country, company, or individual can surmount the cybersecurity challenges alone,” Kearney analysts wrote. “African countries need to drive the growth of African cybersecurity workforce capabilities.”
South Africa spends 0.19% of its gross domestic product, or about $800 million, on cybersecurity. That is triple the average 0.06% of GDP spent by North African countries and about six times the average 0.03% of GDP spent by the rest of Sub-Saharan Africa.
It’s also far short of the $22 billion Kearney recommends spending on continentwide cybersecurity.
“Foremost, it will require an active defense mindset that sees countries working together to defend and leverage Africa’s resources,” the report’s authors wrote.
South Africa created its own national cybersecurity hub, known as the National Computer Security Incident Response Team (CSIRT), in 2012. According to the South African government, the team was tasked with creating a safe environment for using the internet to communicate, socialize and conduct business.
“As a key point of contact for cybersecurity matters, it coordinates cybersecurity response activities, and facilitates information and technology sharing,” according to the South African Department of Telecommunications & Postal Services.
However, South Africa’s efforts still have room for improvement, according to Kearney. The country ranks among the continent’s five best countries for addressing cybersecurity issues, but it remains behind the curve regarding government efforts to regulate cybersecurity and to build public awareness of the risks posed by online attackers.
The region’s growing cybersecurity industry faces shortages of homegrown capabilities and expertise, according to Kearney. As a result, no one is providing the kind of comprehensive products and solutions that could help protect internet users in the increasingly interconnected continent.
Until recently, many African countries’ experience with large-scale cyberattacks was limited to crude methods and criminal groups, but things are changing quickly. Ransomware attacks, in which the attackers lockdown a computer system until they’re paid to reopen it, have become increasingly common across the continent.
Any effort to create a continental cybersecurity hub must confront several challenges, among them the idea among some government leaders that cybersecurity is a business problem best left to the private sector to resolve.
Another impediment to building a continental cybersecurity system: a lack of cross-border cooperation based on mistrust among governments.
The longer it takes to resolve these challenges, the more difficult they will become as technology advances and more people across Africa connect to the digital world.
“Responses to these cybersecurity challenges must be comprehensive and collaborative,” Kearney analysts wrote. “African countries can’t isolate themselves. The interconnectivity of systems exacerbates the threat.”