Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.

Africa Ranks Low on Phishing Cyber Resilience

As threats to Africa's cybersecurity continue to grow, the continent faces high risks to its society and economy with a growing cyber skills gap and lack of preparedness.

Half of a digital globe with Africa primarily in the frame, covered in zeros and ones
Source: Bruno Haver via Alamy Stock Photo

Africa has had the most exponential growth in phishing-related cybercrime out of any region over the past few years, especially when aimed against small and midsize businesses.

That's according to KnowBe4's "2024 Phishing by Industry Benchmarking Report," out this week, which analyzed more than 54 million simulated phishing tests across 11.9 million users in 19 industries across the globe. The researchers found that inadequate user training was the primary reason why individuals across all industries fell victim to social engineering attacks. 

But it's the users in many African countries that struggle with training in particular, especially as technology and connectivity experience rapid growth on the continent, causing technology-related threats to grow in tandem.

KnowBe4 researchers measure organizations' vulnerability to phishing attempts in terms of the phish-prone percentage (PPP) — that is, the percentage of individuals in these businesses that are most likely to put the business at risk by clicking on malicious links or unknowingly opening documents or files containing malware. The findings show that Africa's baseline PPP jumped from 32.8% to 36.7% in one year. In other words, more than one in three individuals in a company will fall for phishing schemes.

Africa's Phishing Awareness Issues

There are several reasons why Africa struggles with these kinds of challenges. Sub-Saharan Africa, for example, actually slowed in its economic growth in 2023 from 4% to 3.3%, likely due to its limited resources, its humanitarian and development struggles, poverty, and an energy crisis, among other issues. Compared with these pressing challenges, its cybersecurity training and culture fall behind on the list of concerns. And with all these factors compounding one another, many sub-Saharan African countries become targets for threat actors.

Some of these countries have imposed regulatory compliance laws to attempt to combat these realities and the rise of cybercrime, but most have not, according to the report.

"Unfortunately, this means that African countries have become playing grounds for cybercriminals, who don't fear recourse on the continent and target particularly those industries and countries with high digital dependency," says Anna Collard, senior vice president, content strategy and evangelist, Africa, at KnowBe4.

Improving Social Engineering Risk in Africa

To address these cybersecurity challenges, there are steps that must be taken in the areas of regulation, security awareness training, and guidelines, according to Collard.

"Particular focus is needed on threats like deepfakes used for political manipulation, especially ahead of major elections in various African countries," she says, adding that "more public-private partnerships are essential to build capacity, address the skills shortage, and improve resilience in the digital world."

It's also important to invest in Africa's younger generation by providing cybersecurity education and training opportunities, she adds. This can be the first step to filling the skills gap, which is one of Africa's "biggest cybersecurity issues," while also addressing youth unemployment.

And the sooner countries in Africa are able to start addressing their risk, the better, as the researchers report that cyberattacks against governments and critical infrastructure are expected to rise. The public, construction, and education sectors have all scored low in cyber culture and resilience, which the researchers find concerning because of the domino effect such attacks can have on the rest of society and the economy. 

"There is a drive by foreign governments like the UK FCDO [Foreign, Commonwealth & Development Office] or with their Africa Cyber program to help with cyber capacity building and in fostering more public-private partnerships opportunities," Collard says. "While certain private-sector industries, such as banking, have well-established cyber operations and are better equipped to deal with attacks, public sector organizations struggle to retain talent, develop skills, or raise budgets to adequately resource their defense operations."

She adds: "More coordinated collaboration is required between different departments, law enforcement agencies, and private sector companies to address the skill shortage, lack of funding, and poor public awareness levels."

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights