Examining the Security Culture and Cybersecurity Preparedness of African Organizations

KnowBe4 (www.knowbe4.com), the provider of the world’s largest security awareness training and simulated phishing platform, has recently unveiled its highly awaited 2024 Security Culture Report (https://apo-opa.co/3Wr5p7a) for Africa. This report offers a detailed examination of the intricate relationship between security practices and employee behaviors within organizations. Drawing insights from surveys conducted across thousands of organizations globally, the full report (https://apo-opa.co/3Wx9hng) presents a comprehensive five-year comparative view, highlighting significant trends shaping the cybersecurity landscape.

According to Anna Collard, SVP of Content Strategy & Evangelist for KnowBe4 Africa, “In the Africa section of the report, organizations evaluated across 20 African countries show an average security culture score of 72, consistent with the previous year. This indicates a moderate level of readiness in security culture.”

Significant variations exist among sectors and countries, underscoring the need for targeted interventions to bolster cybersecurity resilience. Collard explains, “The banking sector in Kenya stands out with an impressive average score of 83, attributed to its unwavering commitment to maintaining mature security cultures supported by robust security operations. However, industries like public services, construction, education, and hospitality display lower security culture scores, highlighting the importance of tailored approaches to enhance cybersecurity awareness and practices in these sectors.”

Africa, with its diverse cultural landscape and youthful population projected to dominate the global workforce by 2100, faces increasing cyber risks amid rapid technological advancements. Challenges such as limited resources, insufficient cyber awareness, and economic constraints characterized the continent’s cybersecurity landscape in 2023. This underscores the imperative to fortify cybersecurity readiness in light of the critical development needs.

Kenya, Nigeria, and Ghana are leading the way in cybersecurity readiness, with robust strategies supported by their respective governments. Ghana’s remarkable progress in cybersecurity, as demonstrated by its rise in the Global Cybersecurity Index, reflects the region’s dedication to achieving excellence in this field.

In light of a separate survey on the adoption of generative AI (GenAI) by organizations in South Africa, it is crucial to address the findings. With a security culture score of 72, the survey revealed regulatory gaps and a lack of training in countering AI-generated misinformation. This emphasizes the importance of implementing regulations, training programs, and partnerships to combat cyber threats like deepfakes, particularly during upcoming critical governmental elections.

The South African Council for Scientific and Industrial Research (CSIR) anticipates an increase in cyber attacks targeting vital infrastructure and government entities leading up to the elections. This underscores the urgent need for stronger cybersecurity measures to safeguard both the public and private sectors, communities, and national economies. As organizations adapt to the evolving cybersecurity landscape, fostering a culture of awareness, education, and proactive risk management will be essential in enhancing cyber resilience across Africa.