Africa Cyber Security and Cyber Crime Statistics

Cybercrime is a severe concern in Africa. The inadequate infrastructure in many African nations has made tackling this menace a very difficult task.

For most African nations, unprotected communications infrastructure has provided a conducive atmosphere for cybercrimes to grow. This has partially led to a fall in productivity across numerous industries. Thus, it is somewhat astonishing to see that more than 90 percent of African firms are functioning without the essential cybersecurity infrastructure.

Furthermore, in financial institutions, governments, e-commerce enterprises, mobile-based transactions, the communications sector, and other industries, the effect of cybercrime is serious. The fast rise of Africa’s digital economy has overtaken improvements in ensuring effective cybersecurity for communications infrastructure.

This article looks at the cyber security statistics from Africa. In addition, cyber attacks in the banking industry and the lack of adequate government responses will be looked into. 

Cyber Security Statistic from Africa 

Cyberattacks cost Africa $3.5 billion in 2019, according to a research by Serianu. More specifically, Nigeria recorded a total of $649 million in losses. Also, Kenya incurred losses of $210 million, and Tanzania had losses of $99 million.

Global Cybersecurity Initiative (GCI) research analyses the commitment to strengthening cybersecurity in 194 nations based on five pillars. These pillars are legislative, technological, organizational, capacity-building, and collaboration. Below, is a summary of the performance of African nations based on these pillars:

A total of 29 of the 54 African nations studied have approved laws aimed at enhancing cybersecurity. As of the research, four more proposals are either being drafted or have received parliamentary approval. Among all the pillars evaluated, this was the one area African countries performed best. However, there is still a lack of depth and breadth in these legal frameworks. For example, just 17 African countries have passed specialized laws to combat cyberbullying.

2. Organizational

It assesses the sustainability of coordination mechanisms, the clarity of the duties and responsibilities of implementing agencies, and potential measures to safeguard critical infrastructure. As at the time the research was carried out, just 10 African nations have a national cybersecurity plan. This plan covers all aspects of protecting vital infrastructure in the country.

3. Technical

This assesses the nation’s ability to cope with cyber threats and events, notably the availability of a dependable Computer Incident and Emergency Response Team (CIRT or CERT). Only 19 of the 131 known CIRTs are in Africa, with two more in the works. Even more interesting, six of the 19 appeared between 2018 and 2020. There was a significant increase in only one year. Only nine sector-specific CIRTs are in place in Africa to react to unique threats. According to this, the region’s supposed cybersecurity measures lack maturity.

4. Cooperation

Because cyber threats are a global problem, governments must work together to combat them. However, this is not entirely true in this part of the world. According to the GCI research, just 19 African nations have signed multilateral cybersecurity agreements. There are just ten nations in Africa that have signed bilateral treaties on cybersecurity.

5. Capacity development

With the exception of six nations, there are no cybersecurity capacity-development incentives in Africa. These incentives attempt to break down barriers, enhance institutional knowledge, or solve cyber defense policy awareness constraints and skill shortages.

Kaspersky’s study suggests that in 2020, almost 10% of PCs globally will have been infected by malware. However, in South Africa, the percentage was slightly lower than the worldwide 10% average. This makes Africa have the same cyberattack rates as North America or Europe. Kaspersky has noticed a slightly higher percentage in nations like Liberia, Tunisia, Algeria, and Morocco, while other regions of the continent show a lower incidence — a 5% or 6% average. As a result, the estimates during the first quarter of 2021 are slightly lower than 10% relative and absolute terms.

According to Kaspersky’s analysis, ransomware, financial/banking trojans, and crypto-miner malware are the most common types of malware in South Africa, Kenya, and Nigeria. There was a 24% spike in ransomware in South Africa from Q1 2021 to Q2 2021. Furthermore, there was a 14% increase in crypto-miner malware. When compared to Q1 2021, Kaspersky noticed a 59% rise in financial/banking trojans in Kenya and a 32% rise in Nigeria in Q2.

Cyber Attacks in Financial Institutions 

The banking industry appears to be a top target in Africa for cybercrime and other cyberthreats. This is unsurprising given the digital-first strategy the industry continues to pursue, propelled by the demands and expectations of its clients.

There is no lack of attack surfaces for hackers to exploit in the financial industry because of the fast pace of digital change. The number of assaults on vital infrastructure in Africa is increasing. Hackers and service interruptions cost banks billions of dollars each year. For example, there have been cyberattacks on the Nigerian National Security Agency and the city of Johannesburg. These incidents led to the closure of both organizations. In addition, critical information was exposed. According to experts, cyberattacks on marine infrastructure that ranges from piracy to stealing database records might severely disrupt African ports and shipping sectors.

It is not uncommon for cyber-sabotage to have unanticipated repercussions. Cyberattacks in Liberia in 2016 were among the worst on the continent, thanks to an aggressive hacker working for a major telecom corporation. As a result, half of the nation could not make any financial transactions. Liberia’s communication minister, who was in charge of giving an official response, was shut off from the internet. As a result, the minister had to appeal for aid on French radio. The Liberian government appealed to the international community for help. However, police did not make any arrests till months after the assault on Deutsche Telekom.

Organized Crime

Financial gain is a common motivator for cybercrime. In 2017, the African business community lost an estimated $3.5 billion to cyber fraud and theft. Cybercrime is frequently ranked as one of the top challenges faced, making it a major worry. However, Africa’s national security is not threatened with most low-level cybercrime such as illicit spam or SIM-boxing.

African criminal networks are increasingly turning to social media platforms like Facebook and Instagram and other more obscure “dark web” sites to launder their illegal goods such as diamonds, small guns, people, and pieces of art and antiquities.

Lagging Government Responses

Amidst the rapid growth of cyber dangers, most African governments’ reaction has lagged. In part, the inability to respond effectively is due to a lack of capability. As a result, it’s becoming more difficult to find qualified cybersecurity experts throughout the continent. 

A lack of fundamental cyber knowledge and a failure to adopt basic cybersecurity measures are common in many institutions, enterprises, and authorities. It is common for governments to fail to monitor risks, gather digital-physical data, and punish cybercriminals. As a result, 96% of cyber security events go unreported or unaddressed. Consequently, cyber dangers in Africa are likely considerably greater than is currently acknowledged.

The lack of capability is exacerbated by a lack of progress in creating and enacting core cyber regulations. Only 15 of Africa’s nations have finalized national cybersecurity plans that include strategic goals and delegate government-wide cyber threat monitoring and response tasks. 

Eighteen nations have set up multi-stakeholder organizations of cybersecurity specialists to assist in reacting and recovering serious security events, such as cyberattacks. African countries have signed just six conventions on cybercrime and eight on personal data protection. Still, these accords are critical for sharing information about threats and establishing universal standards, as well as benefiting from international support.

In the African security industry, the issue is considerably worse. Security sector executives generally lack understanding of the growing overlap between digital safety and national security. Africa’s security forces are still at an early level when it comes to incorporating information, communications, and associated technology into their overall military strategy, operational plans, and tactics, as a result. Some of Africa’s most critical and fast-expanding cyber dangers remain unaddressed by the continent’s governments. 

African governments’ response to cyberattacks by foreign state actors is one of the most important issues to be addressed in this regard. This is because they are difficult to monitor, discourage and prepare for.

There has been a lack of adequate regulation and control due to a lack of understanding of cyber concerns. It is typical for African governments to employ information security legislation to monitor political opposition, punish dissidents and restrict free speech. Over a dozen African nations have shut off the internet over the last several years.

Final Thoughts

Africa’s level of commitment and infrastructure on cyber security is very low. Cyber security must be guaranteed. This is necessary with the high usage of the internet in all areas of human lives. Cybercrime can affect and cause damage to various sectors of the economy. For ensuring cyber attacks are reduced to the barest minimum, internet users, corporations, and relevant authorities must take adequate steps.