Study: Africa Cybersecurity Improves but Lacks Cross-Border Frameworks

While cybersecurity preparedness in Africa is on the upswing, the continent still lacks agreements on international security standards and sharing threat intel.

While cybersecurity expenditures in Africa are projected to grow to $3.7 billion by 2025 (up nearly 50% from $2.5 billion in 2020), any gains in prevention or productivity may be erased if there isnt more coordination and cooperation among the continents emerging economies, according to
a recent report
from the Kearney consultancy.
The regions growing strategic importance, economic development, and digital transformation make it a prime target for cyberattacks since cyber resilience remains low and varies widely by country, Kearney noted. Countries in the region lack the strategic mindset, policy preparedness, and institutional oversight needed to address cybersecurity issues, Kearney wrote. The absence of a unifying framework, even among the most prepared countries, makes regional efforts largely voluntary, which in turn leads to an underestimation of risk and significant underinvestment, the authors said.
But as Prashaen Reddy, partner at Kearney and one of the authors of the report, notes, Africa cannot be seen as homogeneous and varies from one country to another, mostly depending on network infrastructure investments. This is evident in developments from the past couple of months, as countries like
Ghana
and
Angola
make steps toward greater cyber preparedness.
Internet penetration has increased in the past decade, enabled by greater access to electricity, and the decreasing cost of devices. In particular, the growth of bring-your-own-device policies, (particularly since the COVID pandemic) and in Internet of Things (IoT) technology have increased the number of devices and applications being used, which in turn increases the attack surface.
In terms of cyber readiness, it is firstly important to understand what is determined by that term — is it about having the right technology, people, or culture in place? Kearney determined it to be a combination of: strategy; legislation; governance and operational entities; sector specific and international cooperation; and awareness and capacity building.
Taking an assessment of five countries (Nigeria, South Africa, Egypt, Morocco, and Kenya) on those five factors, Kearneys analysis determined that Africas cyber resilience is low, particularly around strategy, governance and operational entities, and cross-sector cooperation.
Throughout the white paper, the absence of a unifying governance framework is mentioned, in particular, an inability to collaborate and share threat intelligence across countries. The fracturing also complicated building frameworks, creating legislation, or developing budgets.
Reddy says Africa is still seen as a continent with some of the highest growth potential in the world, but it also challenged by policy disagreements. While there is an African Union
Convention on Cyber Security and Personal Data Protection
legal framework, the date of the last signature was in 2020, and Kearney claims that only 16 of the 55 member countries had signed it. Such a system, based on the loose collaboration of national agencies and voluntary exchanges, is unlikely to go far enough to safeguard Africa, he adds.
Reddy admits there are challenges when it comes to threat intelligence sharing, including existing economic, geopolitical, and security tensions between some nations in the continent, a lack of regulatory environment to share the information, as well as reduced resources to track events and human capabilities, and an existing dependency and/or cooperation with non-African nations.
What is the correct way forward toward harmonizing cybersecurity policies and development? Kearney cites a framework that includes established national agencies to drive the cybersecurity agenda, as well as sector-level dialog. Countries need to develop a coherent national strategy with an implementation road map and identify critical information infrastructure. They must adopt sector-level risk assessments, enact or update cybersecurity legislation, and develop laws to address cybercrime.
They should also establish threat reporting, international collaboration mechanisms, and threat response capabilities. Addressing the global skills gap in cybersecurity is also critical.
Reddy says if the leading countries define and drive a plan of actions, followed by strong execution and success, other countries will be encouraged to follow. Due to interconnectivity, it will become at some point mandatory to adhere to some common rules to continue operations as [a] cyber preparedness imbalance could seriously disrupt trade between countries. And because of continued technology use, it will become mandatory at some point to devise and adhere to some common rules of operation since the existing cyber preparedness imbalance could seriously disrupt commerce among African countries themselves.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Study: Africa Cybersecurity Improves but Lacks Cross-Border Frameworks