Dr. R.T. Sibe is the CEO/Lead Forensic Examiner of Digital Footprints Nig. Limited. He is a member of the Forbes Technology Council.
getty
There are more than 600 million total internet users in Africa. This is more than the total number of internet users in North America, South America and the Middle East. The last two decades have witnessed increased technology adoption in Africa. While this has obviously increased the efficiency of Africa's workforce, it has also come with associated risks—one of which is the risk of cyberattacks. Although this risk is global and not exclusive to Africa, Africa's preparation and response have not been coordinated as one would wish for.
According to a recent Interpol report (download required), about 90% of African businesses are operating without the necessary cybersecurity protocols and, therefore, are exposed to cyberattacks. The report also noted that there were more than 700 million threat detections in Africa within a one-year period. French newspaper Le Monde (via the Council on Foreign Relations) previously reported that the servers of the Chinese-built Africa Union headquarters in Ethiopia were bugged and that data had been routinely transmitted at night through a backdoor between 2012 and 2017. While China has denied this allegation, this is a classic example of how the continent is exposed—even at such high-level institutions.
Scramble For Response
Over the years, there have been efforts from different African countries to address the cybersecurity challenge. While most jurisdictions have taken steps, many others have been lagging. For instance, some countries have enacted laws and regulations around the cybersecurity space. In Nigeria, the parliament enacted the Cybercrime Act 2015. The National Information Technology Development Agency (NITDA) also rolled out the Nigerian Data Protection Regulation (NDPR) in 2019.
In South Africa, President Cyril Ramaphosa signed the Cybercrimes and Cybersecurity Act in 2021. This law mandates electronic communication service providers and financial institutions to act when their systems suffer a cybersecurity attack or breach. South Africa had previously signed the Protection of Personal Information Act No. 4 of 2013 Act into law.
Ghana passed its Cybersecurity Act 2020 to coordinate the nation's response to the prevention and management of cyberattacks and breaches. Ghana previously signed into law the Data Protection Act, 2012 to protect the privacy and personal data of individuals. Egyptian President Abdel Fattah al-Sisi ratified the nation's "Anti-Cyber and Information Technology Crimes" law in 2018, and Egypt promulgated its Data Protection Law, which also reflects some aspects of the EU's GDPR.
Regional And Continental Response
At the regional level, there have been some efforts as well. For instance, the Economic Community of West African States (ECOWAS) adopted the ECOWAS Regional Cybersecurity and Cybercrime Strategy at the 2020 Second Ordinary Session. ECOWAS had previously adopted the Supplementary Act on Personal Data Protection in 2010.
At the continental level, the African Union (AU) adopted the Convention on Cyber Security and Personal Data Protection—also known as the Malabo Convention—in 2014. This was followed by the release of the Personal Data Protection Guidelines for Africa—a collaborative measure between the Internet Society and the AU—in 2018. According to the United Nations Conference on Trade and Development (UNCTAD), out of the 54 countries in Africa, only 33 (61%) have a data protection law in place.
Africa's Challenging Landscape And The Need For Harmonization
Despite the commendation of AU's efforts in this regard, the Malabo Convention has had a hard start. For instance, as of 2021, only eight out of 55 AU members (Angola, Ghana, Guinea, Mauritius, Mozambique, Namibia, Rwanda and Senegal) had ratified the convention, which needs to be ratified by at least 15 countries. Interestingly, the countries that had not ratified the convention include continental giants such as Nigeria, South Africa and Kenya. Therefore, this Malabo Convention remains largely a document with little action.
Clearly, while Africa may not be in short supply of laws, the implementation has been largely abysmal. Beyond this, the myriad of national and regional laws on the same issue may be confusing—particularly as the continent seeks to dismantle trade barriers through the Africa Continental Free Trade Area (AfCFTA). For AfCFTA to be successful, the continent needs continental risk management—a key aspect of which is tackling the emerging cybersecurity risks. The pockets of discordant laws across the continent leave the landscape chaotic.
Conclusion
African enterprises continue to make exploits despite the chaotic cybersecurity landscape. The last few years have seen the emergence of seven unicorns, and all are relying on technology to do business. Africa's growing financial institutions continue to leverage technology to serve the continent and beyond. These enterprises are facing the continent's challenging and rapidly evolving cybersecurity landscape. Billions of dollars are lost annually across the continent from cybercrime and cybersecurity breaches.
Therefore, it is imperative for the continent to put forward a united front in the cybercrime war, cybersecurity and data protection regulation. African nations need to ratify the Malabo protocol and continue to fine-tune the laws and regulations reflective of the evolving threat landscape. How Africa manages cybersecurity risk will determine the growth trajectory in the next decade.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
