African companies face challenges battling cybercrime

DOUALA, Cameroon

Cybercrime continues to afflict the African continent, with experts blaming a lack of preparedness among companies for the inability to deal with major cyberattacks.

In 2021, 55% of companies in Africa believed that they were not prepared to handle a large-scale cyberattack, according to the Club of Information Security Experts in Africa (CESIA), which have 170 members from 18 African countries.

In 2022, this figure is revised downward to 52%, or one in every two companies, according to a group of experts who, in this context, unveiled a second exclusive survey that serves as a barometer of cybersecurity on the continent in 2021. It was conducted among various African companies from December 1, 2021, to January 31, 2022.

"Cybercriminal attacks are becoming more organized, necessitating a structured response," Didier Simba, founding president of CESIA, told Anadolu Agency.

His club deplores a lack of cybersecurity preparation visible, among other things, through still-imperfect cybersecurity governance, a lack of training, awareness, budget, resources, and skills, all of which slow down the implementation of a real cyber program in the business.

According to him, a lack of preparedness has a significant impact on the actions of companies.

In this context, "one in three companies is concerned or somewhat worried about facing a large-scale cyberattack, (and) more than one in two companies believes they are not ready to manage a cyber-crisis," Simba said.

According to the CESIA, 85% of companies in 2022 do not have a cyber-resilience program, 89% do not use innovative solutions from startups, 61% have an annual awareness plan, 80% believe employees are well aware of cyber risks, and only 20% think employees comply with digital security recommendations.

"In the future, 65% of companies anticipate a shortage of skills in Africa; companies need profiles in steering, organization, and risk management, or support and incident management. 54% of companies intend to acquire new technical solutions to protect against cyberattacks," according to a recent CESIA survey.

There is no mechanism in Africa that mandates companies to communicate in these situations, therefore cybersecurity experts cultivate the security of silence, not allowing the circulation of information and so preventing or solving attacks, according to Simba.

Benoit Grunemwald works as a cyber security expert for ESET, a pioneering international cyber security company, in its French and African branches. For the past eight years, he has been actively working in Africa, educating and supporting IT suppliers and customers.

Talking to Anadolu Agency, he deplored the late reaction of companies on the continent following a disaster. He also indicated the need for rationalization and culture of anticipation and risk management.

Development-related risks

According to Kapersky, a Russian cybersecurity company, the global situation and the 10% of GDP lost by the African continent in 2021, or more than $4.2 billion, due to cybersecurity, business leaders in the area see a link with technological advancement.

"The African continent is a fertile ground when it comes to innovation, individuals and companies have come to an incredible distance in the last 30 years in terms of technological advances," Grunemwald said.

He highlighted the potential that modern technologies currently offer in many fields by providing development and the hope of a better future.

"However, risks and threats are created as a result of innovation, and each innovation brings its own set of malicious opportunities," he added.

He believes that, in terms of technology protection, the African market is no different from others.

“Although there is still a long way to go so before cyber security is no longer an anecdotal budget, the current challenge is to allow innovative companies to integrate cybersecurity as a major issue, a quality and not a brake. By doing so, African companies will be able to take full advantage of new technologies,” he stressed.

For African political leaders, it is necessary to coordinate their actions.

"We, as a government, must ensure that the issues of cybersecurity and the fight against cybercrime are addressed in a collaborative manner between government, civil society, the private sector and experts from different fields of expertise," said Cina Lawson, Togo's Minister of Digital Economy and Digital Transformation, at a summit on cybersecurity held on March 23-24 in Lome, Togo’s capital in west Africa.

On the same occasion, African leaders attended the unveiling of the "Lome Declaration," a document that commits them to take coordinated action against cybercrime in order to strengthen the security of the continent's cyberspace.