A recent report by KnowBe4 highlighted the significant increase in phishing-related cybercrime in Africa, particularly affecting small and midsize businesses. The report analyzed over 54 million simulated phishing tests on 11.9 million users across 19 different industries globally, revealing that inadequate user training was a key factor contributing to individuals falling victim to social engineering attacks.
In many African countries, the challenge of cybersecurity awareness is amplified as technology and connectivity rapidly expand across the continent. KnowBe4 researchers used a metric called Phish-Prone Percentage (PPP) to measure organizations’ vulnerability to phishing attempts. The study found that Africa’s baseline PPP had risen from 32.8% to 36.7% in just one year, indicating that over one-third of individuals in a company are susceptible to phishing schemes.
The slow economic growth in sub-Saharan Africa, combined with limited resources, humanitarian issues, poverty, and an energy crisis, has diverted attention away from cybersecurity training and culture. This lack of focus has made many African countries prime targets for cybercriminals, who perceive them as easy targets due to their high digital dependency.
Some countries in Africa have implemented regulatory compliance laws to address the rise of cybercrime, but the majority have not taken sufficient action. According to the report, this lack of cybersecurity measures has created an environment where cybercriminals operate with relative impunity, especially targeting industries and countries with heavy digital reliance.
To combat these cybersecurity challenges, experts like Anna Collard, SVP content strategy and evangelist for Africa at KnowBe4, emphasize the importance of regulatory frameworks, security awareness training, and public-private partnerships. Collard stresses the need to address threats like deepfakes used for political manipulation, particularly concerning major elections in Africa. Investing in cybersecurity education for the younger generation is also crucial to filling the skills gap and reducing youth unemployment.
As cyberattacks against governments and critical infrastructure are expected to increase in Africa, the urgency to improve cybersecurity readiness is paramount. Collard highlights initiatives like the UK FCDO’s Africa Cyber program, which aims to enhance cyber capacity building and foster public-private partnerships. While some private-sector industries, such as banking, are better equipped to handle cyber threats, public sector organizations struggle to retain talent, develop skills, and allocate sufficient resources for defense operations.
Collaboration between different sectors, law enforcement agencies, and private companies is essential to address the skill shortage, funding issues, and low public awareness levels in cybersecurity. By taking proactive steps to enhance cybersecurity awareness and readiness, African countries can mitigate the risk of cyberattacks and protect their economies and societies from devastating consequences.