Cybersecurity in Africa: What Should African Leaders Do to Strengthen the Digital Economy?

Technology Policy Cyber security

Cybersecurity in Africa: What Should African Leaders Do to Strengthen the Digital Economy?

Posted on: 24th January 2022
By Multiple Authors
Adeboye Adegoke
Intern, Internet Policy Unit
Bridget Boakye
Artificial Intelligence Lead, Internet Policy Unit
Melanie Garson
Cyber Lead, Internet Policy Unit

This article on cybersecurity in Africa is part of TBI's programme of work on cyber policy. The framing paper, A Safer Net for All: The Opportunity of Cybersecurity, investigates the steps governments around the world should be taking to create a safer net that delivers economic and social prosperity. 

“Africa must take full advantage of the digital revolution to empower its citizens and enhance transparency in government and the private sector. This will not happen until data is stored in safe and trusted systems that protect privacy and are difficult for criminals to breach.”

Those were the words of Paul Kagame, Rwanda’s president, in an address to the African Union (AU) and the Economic Commission for Africa (ECA) at the high-level AU-ECA event on digital identity in Addis Ababa, Ethiopia in November 2018. Those words tell a compelling story of self-awareness: one that recognises the importance of a robust cybersecurity framework that doesn't currently exist on the continent. The African Union's Agenda 2063, the continent’s blueprint and master plan for transforming Africa into the global powerhouse of the future, identifies cybersecurity as one of the key programmes and initiatives for accelerating Africa’s economic growth and development. This commentary sets out a plan for leveraging emerging technologies through cybersecurity for the economic and social benefit of Africans. 

Africa’s Cybersecurity Gap

According to the International Financial Cooperation and Google, Africa's internet economy is expected to contribute $180 billion to its overall economy by 2025, rising to $712 billion by 2050. To ensure these projections materialise, African governments and their partners are building new initiatives to rapidly connect an estimated 700 million unconnected Africans and address speed and cost concerns for those with access.

But connection without safety is meaningless. Recent cyberattacks and vulnerabilities point to an existing and widening cybersecurity threat landscape in Africa: 

Worse, Africa lacks the talent and resources to deal with its cybersecurity threats. Of a population of about 1.24 billion people, the estimated number of certified security professionals in 2018 was 7,000, representing 1 for every 177,000 people. The continent faces a growing 100,000-person gap in certified cybersecurity professionals, but this number may even disguise the magnitude of the problem as there is no readily available data on African governments' level of investment in cybersecurity. The International Telecommunication Union's (ITU) latest ranking on national global cybersecurity efforts makes it clear: “Africa’s levels of commitment to cybersecurity – as well as capacity for response to threats – remain low compared to other continents”.

A Step in the Right Direction

Positively, there have been some recent commitments to strengthening the cybersecurity landscape in Africa. Countries like Ghana are investing in a robust cybersecurity structure, arguably becoming a model for countries in Europe and other West African countries. Fourteen African states also have a national strategy on cybersecurity with an additional four countries with draft legislation in progress.

Collaborations at the regional and subregional levels on capacity building and development, and the drafting of frameworks also reflect attempts to better position the continent to deal with cyber threats. For example, in 2014, the African Union (AU) adopted the Convention on Cyber Security and Personal Data Protection (Malabo Convention), although, by 2018, only 8 out of 54 African countries had a national strategy on cybersecurity. 

In 2019, the AU also hosted the Global Forum on Cyber Expertise (GFCE) in Addis Ababa, Ethiopia. The GFCE is a multi-stakeholder community of more than 140 members and partners from all regions of the world, aiming to strengthen cyber capacity and expertise globally. Through this process, Africa is leveraging an important global capacity development model for cybersecurity capacity-building on the continent.

More recently, in early 2021, the Economic Community of West Africa (ECOWAS) adopted a regional strategy for cybersecurity. The regional body has convened 15 African states and the Council of Europe to harmonise legislation on cybercrime and electronic evidence within the rule of law and with human rights safeguards. 

Accelerating the Gains

While existing regional frameworks and national initiatives to address cyberthreats on the continent are commendable, they are not nearly enough. The vulnerabilities in one system, network, agency on the continent, affect all.

African leaders must double their efforts and devote more resources to cybersecurity initiatives towards improved infrastructure, awareness creation, and strategic engagements at the global level. They must also address the concerns and/or reservations associated with the low number of countries ratifying digital policy instruments such as the Malabo Convention and the Budapest Convention

The AU and other African regional blocs must also prioritise cybersecurity capacity building from a technical and policy perspective. Through these bodies, African countries must continue to collaborate with each other and viable external stakeholders for peer learning and sharing of best practices. As top performers on the ITU’s Global Cybersecurity Index (GCI), countries such as Tanzania and Mauritius can show the way. 

Performed together, these actions will strengthen the continent’s path towards the desired prosperous, viable, and cyber-safe Africa, that will consolidate its place as a dynamic force in the international digital arena.

Find out more