The recently released 2024 Security Culture Report by KnowBe4 provides a comprehensive analysis of the relationship between security practices and employee behaviors in organisations, drawing insights from surveys conducted across thousands of global organisations
The report, which is now available for Africa, offers a detailed examination of security culture trends over the past five years.
Anna Collard, senior vice-president of content strategy & evangelist for KnowBe4 Africa, highlighted, “In its section on Africa, the report reveals that organisations evaluated across 20 African countries exhibit an average security culture score of 72, consistent with the previous year. This shows a moderate level of readiness in security culture.”
While Kenya's banking sector stands out with an impressive average score of 83, attributed to its strong commitment to mature security cultures and robust security operations, industries like public services, construction, education, and hospitality lag behind in security culture scores. This underscores the necessity for tailored approaches to enhance cybersecurity awareness and practices in these sectors.
Addressing cybersecurity challanges in Africa
Africa, characterised by its diverse cultural landscape and youthful population projected to dominate the global workforce by 2100, faces increasing cyber risks amid rapid technological advancements. Challenges such as limited resources, insufficient cyber awareness, and economic constraints marked the continent's cybersecurity landscape in 2023, highlighting the urgency to fortify cybersecurity readiness to meet critical development needs.
Leading the charge in cybersecurity readiness are Kenya, Nigeria, and Ghana, with respective scores of 76, 75, and 74, showcasing robust strategies supported by local governments. Ghana's notable progress in cybersecurity, as reflected in its climb in the Global Cybersecurity Index, underscores the region's dedication to achieving cybersecurity excellence.
“With a security culture score of 72, it’s important to address the findings from a separate survey on generative AI (GenAI) adoption by organisations in South Africa,” added Collard. “That survey identified regulatory gaps and a lack of training in countering AI-generated misinformation, highlighting the need for regulations, training programmes, and partnerships to tackle cyber threats such as deepfakes, especially during the upcoming crucial governmental elections.”
The South African Council for Scientific and Industrial Research (CSIR) expects an increase in cyber attacks targeting important infrastructure and government bodies in the coming weeks until South Africans go to the polls. “This highlights the urgent need for stronger cybersecurity measures to protect both public and private sectors, communities, and national economies,”remarked Collard. “As organisations adapt to the changing cybersecurity environment, promoting a culture of awareness, education, and proactive risk management will be vital in enhancing cyber resilience throughout Africa.”
The security culture score is a global measure used to evaluate organisations based on their approach to security, explained Javvad Malik, lead security awareness advocate at KnowBe4. “This score reflects how much importance different entities worldwide place on cybersecurity within their organisational culture. In today’s interconnected world, where a mobile device in a remote area can access sensitive accounts, working in isolation on security is no longer effective,” added Malik.
“Collaboration between governments and regulators is essential not just for creating laws but also for demonstrating practical ways to strengthen security culture. Organisations need to prioritise the human element of cybersecurity by focusing on continuous awareness and training efforts rather than relying solely on technological solutions,” Malik concluded.