KPMG Africa yesterday launched the Africa Cyber Security Outlook 2022 survey, which reveals the state of cyber security across the continent.
The study found that 74% of large African companies reported a relatively mature approach to privacy and cybersecurity.
John Anyanwu, Partner and Head of Cyber Security, KPMG Nigeria and Africa Cyber Lead, explained that while the African continent continues to face many challenges including poverty and political conflicts, the economies of many countries in the region have shown tremendous growth and a number of countries are showing rapid growth post-pandemic recovery with increased consumption and adoption of digital technologies at the grassroots level.
The survey also identified key areas of focus for Africa, including integrating cybersecurity into business strategy, risk-based regulation, proactive threat detection and protection, and a focus on cyber talent.
READ ALSO: KPMG announces winner of Tech Innovator Private Enterprise Innovator in Africa competition
Strategy, governance and cyber defense
Some 61% of companies have implemented a clear data protection/governance approach, with 80% reporting creating strategies to improve security and address privacy risks.
“This demonstrates the significant effort made by organizational leaders to ensure data security in the digital landscape. As organizations undergo digital transformation, it is essential that they consider data protection and privacy as a key component, and we are beginning to see a massive shift across the African continent,” says Marcelo Vieira, Partner and Head of Cyber Security at KPMG South Africa.
The report also highlighted organizations in Africa with a global presence that were able to achieve better cyber security compared to organizations operating solely in Africa.
Supervision and management
“Cybercriminals in this modern era are changing tactics to include data theft, targeting of users’ personal information and organizations trying to aggregate, combine, compare and analyze data to better serve their consumers.
“Therefore, there is a much greater focus today not only on mitigating threats, but also on how organizations deal with them,” says Anthony Muiyuro, head of cyber at KPMG East Africa.
NOW READ: Cyberattacks: Negligence, poor systems make South Africa a haven for cybercrime
The approach should focus on several key principles, including understanding the pearl’s information assets, assessing existing and emerging threats, documenting and aligning the appropriate cyber strategy objective, putting it into practice, and monitoring effectiveness.
There is little confidence in cybersecurity talent
The research also found that more than 50% of those who have recently been the victim of cybercrime are still unsure of the effectiveness of their cyber incident response team during a major cyber security incident, so there is no doubt that the new focus on building cyber security skills are critical – the need for highly specialized cyber security resources with cyber leadership, security assurance and systems testing skills must be prioritized.
The results show that 75% of companies face challenges in hiring and retaining qualified cyber professionals and only one in three have access to sufficient staff.
However, despite this, some industries are well positioned for cyber skills, with the highest percentage of adequate skills in the manufacturing (48%) and ENR (47%) sectors, followed by the FMCG and ICT sectors.
Financial services and the public sector have been prime targets for cyber-attacks and show a strong demand for cyber resources, mainly due to the high level of regulatory control required.
READ ALSO: Companies actively improve cyber security in South Africa – study
Africa at a glance
Although East Africa has the highest level of digital transformation adoption, with 89% of organizations undergoing digital transformation, it is also the region with the highest number of cyberattacks among African regions (31% reported cyberattacks).
Africa’s adoption of cybersecurity policies and regulations is 72%, the lowest globally.
This, together with KPMG’s research findings, indicates that there is a real need to rapidly advance agile cyber security measures to improve risk resilience and enable organizations to capitalize on new opportunities for revenue growth and business success, while ensuring business continuity.
