A white paper published this month has called for a comprehensive and forward-looking agenda for the continent’s approach to cyber-security
“Africa needs a comprehensive agenda to address its low cyber resilience, deal with the scale of cyber threats, and ensure Africa’s unobstructed leap into the digital economy,” stated Rob van Dale, partner at global management consultancy Kearney.
The paper, “Cybersecurity in Africa: A Call to Action” provides a four-point agenda of concerted efforts that are required to tackle the core of the problem:
1) Elevate cybersecurity on the regional policy agenda.
2) Secure a sustained commitment to cybersecurity.
3) Fortify the ecosystem.
4) Build the next wave of cybersecurity capability.
“Cybersecurity programs often take a siloed approach to defending infrastructure, even though vulnerabilities extend across peer companies and vendors, and adversaries plan and execute sophisticated attacks across several targets at once,” commented Van Dale.
The African Union (AU) has taken steps to increase collaboration on cybersecurity across the region by establishing the African Union Convention on Cyber Security and Personal Data Protection legal framework. The framework has been signed by 16 out of 55 member countries but only ratified by thirteen.
Such a system, based on the loose collaboration of national agencies and voluntary exchanges, is unlikely to go far enough to safeguard Africa. Therefore, a tighter coordination mechanism is needed.
The paper points to Africa becoming an even bigger and more popular target for cybersecurity threats. Van Dale’s colleague and fellow partner at Kearney, Prashaen Reddy, explains how internet access had grown across Africa and how mobile penetration is forecasted to exceed 90% this year.
“Investment in the region’s cybersecurity market is forecasted to grow from US$2.5bn in 2020 to US$3.7bn in 2025. Despite this investment it is estimated the region loses more than US$3.5bn annually due to direct cyberattacks, and billions more from missed business opportunities caused by the resulting reputational damage from the attack,” commented Reddy.
“Given varying levels of preparedness and differing national priorities, cybersecurity needs to be prioritised in regional and national policy agendas by elevating cybersecurity to the top of agendas in regional economic dialogue to achieve alignment within the AU,” concluded Van Dale.