In sub-Saharan Africa, the digital revolution has propelled innovation on an unprecedented scale. But while criminal and terrorist groups could exploit vulnerabilities, governments across Africa could also use cybersecurity as an excuse to violate citizens’ privacy.
In a nutshell
- The digital revolution is sweeping across the continent
- Along with opportunities, it brings cybersecurity risks to Africa
- Governments could abuse the need for regulation
Boundaries between the physical and digital world are becoming increasingly blurred. Commerce and governance are moving online, putting an unprecedented volume of personal data and confidential information at risk. Because of these new digital vulnerabilities, the global market in cybersecurity is rapidly expanding.
In Africa, digitization has become a critical driver of growth and development. The internet has also become a stage for political competition and repression, and an operational base for crime syndicates and terrorist groups. The convergence between physical and digital risks in places marked by political instability and conflict makes the region particularly vulnerable to cyber insecurity.
Facts & figures
Although it started from a low base, Africa has the world’s fastest-growing rate of internet and mobile phone penetration. Cell phone usage grew by 344 percent between 2007 and 2016. In 2018, the number of unique mobile subscribers in sub-Saharan Africa was an estimated 456 million, some 44 percent of the population – the global average is 66 percent. Some 239 million people in Africa, or 23 percent of the population, can access the internet from their cell phones. The figure is expected to reach 39 percent by 2025.
Over the last decade, digital, artificial intelligence and blockchain solutions have flourished throughout the economy, in sectors from finance to commerce, agriculture, insurance and health. Innovators using these technologies have created robotic pharmacy systems, connected smallholder producers to buyers and made it easier for migrants to send home remittances. Many of these solutions have been created by start-ups operating in countries like South Africa, Nigeria, Ghana, Kenya and Rwanda.
In sectors like banking, the digital and mobile revolutions have allowed Africa to leapfrog development stages. Between 2012 and 2017, the number of adults in Africa with a bank account went from 170 million to almost 300 million. Sub-Saharan Africa is now the region with the highest number of mobile money accounts (estimated at 469 million) and is home to 10 countries where there are more adults with mobile money accounts than traditional bank accounts.
This banking and financial revolution was first driven by platforms like M-Pesa, which started in 2007. Now, the number of financial technology (fintech) platforms directly competing with traditional banks has dramatically increased throughout the region, which accounts for 48.6 percent of active mobile money accounts in the world. In 2018, the volume of investment in Africa’s fintech sector nearly quadrupled.
Investment in cryptocurrencies is also rapidly increasing. Globally, the share of internet users who own digital currency is 5.5 percent. In South Africa, the figure is 10.7 percent, in Nigeria it is 7.8 percent and in Ghana it is 7.3 percent. Cryptocurrencies are decentralized, transnational and hard to counterfeit. In a region marked by political uncertainty and volatile currency values, many young Africans see them as an appealing and safe investment.
Last May, peer-to-peer Bitcoin trading in Kenya, Ghana and the Central Africa region reached record levels. In Zimbabwe, after foreign currencies were once more banned in June 2019, the Bitcoin price soared. Recently, Zimbocash – a Zimbabwean government blockchain token – was launched and listed on the Bithumb Global digital-asset trading platform.
In South Africa, Binance, by volume the world’s largest cryptocurrency exchange, will launch fiat currency gateways, allowing South Africans to make deposits in South African rand. Lagos, in turn, is among the large global cities with the highest number of web searches for “Bitcoin.” The Seychelles’ MERJ Exchange became the fastest-growing stock exchange in the world in the first trimester of 2020, expanding by 373.6 percent, after embracing blockchain and tokenization.
The road ahead for technology firms in Africa is not without its threats to cybersecurity. Shoddy infrastructure and slow, expensive data transmission create large pockets of digital poverty on the continent. There are also regulatory challenges and security threats. As services move to digital platforms, the region is increasingly vulnerable to cybercrime.
In 2014, it was estimated that some 80 percent of personal computers in Africa were infected with some sort of virus or malicious software. Most African businesses, banks and even governments are unable to secure adequate protection against the many cybersecurity risks. Cybercrime syndicates operating in East and West Africa, such as the SilentCards, the Yahoo Boys or the Next-Level Cybercriminals, have managed to steal vast amounts of money from banks and individuals through hacking, fraud schemes and tax scams. Sites belonging to several governments and the African Union have also been attacked. In South Africa alone, according to Kaspersky Lab data, there are 13,842 cyberattacks per day. In 2019, City Power Johannesburg suffered a ransomware attack that encrypted its databases, applications and network.
In Uganda, OneCoin – a cryptocurrency scam – involved more than 10,000 people and led to losses estimated at $2.7 million. In Kenya, cyberattacks increased by 47.2 percent in the fourth quarter of 2019, totaling 37.1 million.
Cryptojacking (the unauthorized use of someone else’s computer to mine cryptocurrency) is also set to increase in Africa, following a global trend. It is estimated that in 2018, one in every four companies suffered from the practice. Moreover, the growing popularity of cryptocurrencies also provides opportunities for criminal groups. According to Cybersecurity Ventures, cybercrime may cost the world $6 trillion by 2021, and over 70 percent of cryptocurrency transactions could be made for illegal activity. Africa’s multiple terrorist and organized crime groups make the continent a particularly critical location.
The security risks and ethical dilemmas prompted by the Internet of Things (IoT) will also continue to influence Africa’s political arena. On the one hand, as digital platforms remain vital spaces for political debate, competition and mobilization, authoritarian regimes will continue to invest in surveillance software while resorting to draconian regulation and shutdowns whenever necessary.
On the other hand, as in the rest of the world, the number of “hacktivists” in Africa will likely increase, generating judicial and ethical dilemmas and calling for adequate legislative frameworks. Some states and organizations may say that violating individual privacy and data is justified to achieve development goals. Furthermore, governments and non-state actors (from activists to terrorist groups) will increasingly use digital solutions, leading to a greater focus on internet security.
Impact and legal frameworks
While the threats to cybersecurity in sub-Saharan Africa seem relatively small in global terms, estimated at 3.5 billion euros, it is important to note that many attacks in the region go unreported. The continent’s vulnerability will only grow with the expansion of e-commerce, online government services, mobile banking and cryptocurrency trading.
Not surprisingly, organizations and governments are under increasing pressure to establish regulatory frameworks. Progress has been uneven throughout the region. The African Union tried to harmonize different strategies through the 2014 Convention on Cyber Security and Personal Data Protection, also known as the Malabo Convention. However, six years after its establishment, only 14 of the 54 African Union countries have signed the convention; only seven have ratified it.
According to the United Nations Conference on Trade and Development (UNCTAD), 72 percent of African countries have cybercrime legislation (against a global share of 79 percent). In many cases, however, legal frameworks are excessively focused on containing political dissent. Some 61 percent of African countries have e-transaction laws, whereas only half have laws to protect personal data and privacy. Mauritius, Kenya, Rwanda and Nigeria are among the better-prepared countries to address cyber threats. South Africa has recently taken a major step with its new Cybercrimes Bill, passed by the country’s parliament last month.
Designing more robust cybersecurity systems requires not only adequate legislation but also skills and investment capacity, which many companies in Africa do not have readily available.
The Covid-19 pandemic is accelerating the digital revolution, the use of IoT and expansion of the global cybersecurity market. With this in mind, we should consider two scenarios for Africa’s security outlook.
Great risks, great opportunities
Under this first and most likely scenario, innovation and adaptation will continue to propel growth in Africa, fueling higher productivity levels and efficiency gains. The cryptocurrency market will continue to expand, driven by a large remittances market and a fast-growing, young, urban, digital-oriented population that wants to avoid the adverse effects of political uncertainty and financial volatility.
More slowly, mobile banking will continue to expand in rural areas and in other regions, including Southern and Central Africa. In the short to medium term, internet penetration and the IoT will accelerate, reflecting the expansion of 5G throughout the continent – currently the technology is limited to South Africa and Lesotho.
The cybersecurity market will rapidly develop throughout the continent, especially in East and West Africa, prompted by a clearer perception of the threats and more regulatory frameworks. The involvement of both governments and the private sector, including big and established players and local start-ups, which will want to create solutions for the specific needs of African markets, will also play a key role.
Growth, innovation and opportunities will, however, walk hand in hand with substantial security risks. Cybercrime syndicates will continue to thrive, as extortion, phishing and hacking remain profitable. Moreover, links between cybercrime and terrorism will likely increase. The internet will remain a vital propaganda and recruitment platform for terrorist groups operating on the continent, and these groups will also increasingly use it for illicit activities, such as money laundering or the trafficking of people, drugs and weapons.
More risks than opportunities
Under this slightly less likely scenario, risks will outweigh opportunities. Internet use will grow more slowly, reflecting persistent structural challenges, including the lack of adequate infrastructure, skills and regulation. At the same time, some governments will adopt excessive or counterproductive regulation that undermines the digital revolution. 5G adoption throughout the continent will be slow, as in the case of Nigeria, where the issue of operator licenses has become a controversial and political affair. Growth in promising sectors such as e-commerce and cryptocurrencies will be mostly limited to urban centers.
However, Africa’s cyberspace will remain exposed to security threats. Lack of means and coordination will make the region more vulnerable to cybercrime and cyberterrorism, increasing the likelihood of attacks against key assets and infrastructure. The situation could have a severe economic impact and disrupt daily living in some of Africa’s most populated areas.