This weekend was a memorable one for football fans. The European Championship didn’t come home to England, and Messi fans gained more ammunition in the greatest of all-time debate (if there's still any debate left).

Now, back to Africa. Today, we look at the rise of cyber threats in African countries.

The Rise of Cyber Threats in Africa

🍔 Quick Bite: Cyber threats continue to rise in Africa, with recent significant security breaches reported in South Africa, Nigeria, and Kenya, amongst other African countries.

🧠 The Breakdown

Africa's digital revolution is a double-edged sword. Soaring internet use fuels economic growth, but it also attracts cybercriminals. Businesses on the continent witnessed a 20% increase in Q1 2024 compared to Q1 2023 according to a report by cybersecurity firm Check Point. This 20% surge translates to an average of 2,373 attacks per organisation per week.

Last week, South Africa's Minister of Public Works revealed that his department has lost $16.5 million to cybercriminals over the past decade. This underscores a widespread and growing issue across the continent.

In Africa, financial institutions and telecom companies are on the front lines of a cybercrime war, facing an estimated $4 billion in annual losses from fraudulent transactions. According to the 2023 Africa Financial Industry Barometer, 97% of surveyed leaders of financial institutions in Africa rank cybercrime and regulatory constraints on cybersecurity as the leading threat to the financial services industry alongside worsening economic conditions.

Within the past year, Flutterwave, the Nigerian fintech company, has suffered up to three security breaches, the most recent costing the company ₦11 billion in April. Before the April incident, there were claims that hackers stole over ₦2.9 billion from Flutterwave accounts in February 2023, followed by a March incident in which the company lost ₦550 million to yet another security breach.

South African financial institutions have also had their fair share of cyber attacks. In July 2024, customers of Standard Bank in South Africa took to social media to complain about a “massive security breach” that led to several clients reporting fraudulent transactions or missing money from their accounts. The company eventually denied the allegations and attributed it to a spike in transactions.

In August 2022, the apex bank in South Africa, the South African Reserve Bank , was reported to have suffered a cyberattack by unknown hackers. South Africa is not the only country whose central bank has suffered a data breach. In December 2023, the Central Bank of Lesotho disclosed that a cybersecurity incident affected its system. The central bank of Angola (Banco Nacional de Angola) also suffered a cyberattack on its systems in January 2024.

Africa’s cyberattacks are not restricted to financial institutions alone. In 2022, telecom service provider MTN reported a $53 million mobile money fraud in Nigeria. Kenyan leading teleco Safaricom lost over $4 million in SIM card fraud in the same year. Governmental agencies are also not left out; the National Health Laboratory Service, the Department of Justice and Constitutional Development, and the pension agency in South Africa have all suffered cyber incidents this year.

Earlier in the year, data from the Kenyan Communications Authority shows Kenya was hit with over a billion incidents of cyber threats in the last quarter of 2023, a 943% jump from the previous quarter. The report also attributed the rise in cyber attacks to increased exploitation of the system’s vulnerabilities, driven by the growing deployment and use of internet devices.

What makes Africa so Vulnerable?

Several factors make Africa more susceptible to cyberattacks. One significant challenge is the lack of awareness about cyber threats. Many individuals and organisations are not fully aware of how to protect themselves from these attacks. A report by the World Economic Forum in January 2024 highlighted that most businesses in Africa are not adequately equipped to navigate cyber threats.

Weak legal frameworks, with limited legislation to deter cybercrime, further complicate the fight. Africa also faces a shortage of skilled cybersecurity professionals.

Moreover, many African countries face economic constraints, making it difficult to allocate sufficient funds for cybersecurity.

Building Africa's Digital Defenses

The fight against cybercrime requires a multi-pronged approach. Governments are on the front lines, developing national cybersecurity strategies and legal frameworks. These frameworks set the rules of engagement in the digital world, outlining how to investigate and prosecute cybercrimes.

Africa faces the biggest gap globally in cybersecurity preparedness. Only 39 of its 54 countries have implemented specific legislation, according to the UN Trade & Development. This translates to a 72% adoption rate, significantly lower than Europe's 91%. Countries like Egypt, Ghana, Cote d’Ivoire, Rwanda, Senegal, Kenya, Morocco, South Africa and Nigeria have cybercrime laws. Chad, Libya, Central African Republic are among the few who either don't have legislation against cybercrimes or are in the process of passing it into law.

However, concerns remain about how it’s implemented in some of these African countries. For example, some Nigerians were unaware that the government had a Cybersecurity Act until the Central Bank announced the controversial cybersecurity levy, which it eventually suspended following a public outrage.

Collaboration between governments, private sectors, and international partners will be essential in mitigating the risks posed by cyber threats and ensuring these cyberattacks do not stifle the growth of the continent's digital economy.

Summaries and links to other notable stories in the tech space.

Africa's fourth-largest miner suffers cyberattack: One of the world's largest makers of precious metals recently experienced a cyberattack that disrupted its IT ops.
“Change name or face dissolution,” CAC tells BDCs 4 months after CBN revoked licence: Nigeria’s Corporate Affairs Commission (CAC) has given some Bureau De Change (BDC) firms three months to change their names.
Getting your first 1,000 users as an African Startup: An article on actionable strategies to acquire your first 1000 users.
South Africa set to regulate content of financial influencers to protect consumers: The country is after influencers who peddle financial advice that potentially misleads consumers.

💼 Jobs, Opportunities & More

We carefully curate open opportunities in Product & Design, Data & Engineering, and Admin & Growth every week.

Product & Design

VFD Microfinance Bank — Product Marketer, Lagos
Exit Five — Head of Product Marketing, Remote
SocialPilot — Product Designer, Remote
Toptal — Product Manager, Remote

Data & Engineering

Moniepoint — Data Analyst, Lagos
Moniepoint — Cloud Security Engineer, Lagos
Snag — Sr. Full-Stack Engineer, Remote

Admin & Growth

Reliance Health — Content Strategist, Lagos
Bolt — Operations Manager, Lagos
LinumLabs — Admin and HR Assistant, Remote