Every citizen of the world should be able to fully reap the benefits of ICT through a free, open, peaceful and secure digital world. Building cyber capacity provides the necessary foundation for countries to strengthen their cyber resilience through developing skills and capacity that addresses threats and vulnerabilities arising from cyberspace. It is therefore our mission to strengthen cyber capacity and expertise globally through international collaboration and cooperation
– GFCE Mission Statement
Africa’s active participation in digital policy and cybersecurity discussions is beneficial not only for Africa but also for a more inclusive, impactful, and informed global digital policy. Building cyber capacity for African stakeholders is an urgent necessity. Cyber capacity building can facilitate the process of harnessing digital technologies and innovation to generate inclusive economic growth, stimulate job creation, and promote socio-economic development. At the same time, capacity building will positively contribute to the engagement of African stakeholders in global digital policy discussions, effectively promoting African interests in the international arena.
The theme Cybersecurity Culture and Skills was endorsed by the GFCE community in the Delhi Communiquéas one of the five prioritised themes (cybersecurity policy and strategy, cyber incident management and critical infrastructure protection, cybercrime, cyber security standards) for cyber capacity building to:
1. Promote comprehensive awareness across all stakeholders of cyber-related threats and vulnerabilities and empower them with the knowledge, skills, and sense of shared responsibility to practice safe and informed behaviours in the use of ICTs, and to
2. Involve all stakeholders to create a workforce with a set of cybersecurity skills and knowledge employers require.
GFCE Working Group D (WG D) focuses on the following topics: – Cybersecurity awarenesses – Education and training, with a focus on cybersecurity workforce development
What do you think are the biggest hurdles and challenges for building a mature cybersecurity culture in African countries?
Several cybersecurity specificities of the African region are linked to gaps in capacity building:
Technology adoption is rising fast in Africa, especially thanks to its young population (62% of Africans are under 25 in 2021). Youth, in particular, are very keen to adopt technology. Yet, in 2019, ITU estimated that only 28.6% of Africans were using the internet, which is low compared to the global average rate of 51.4%. Nevertheless, in the future, most of the new internet users are expected to be coming from Africa. The potential for internet adoption on the continent is huge. Developing a corresponding cybersecurity culture and ensuring that the population has the necessary cybersecurity skills needs to be a priority.
This is obviously related to the high cost of the internet in Africa. Themobile pricing update by the Alliance for Affordable Internet (A4AI) indicates that on average, the cost of the internet in Africa is very high at about 6% of monthly income. Many African countries cannot be compared with other low- and middle-income countries such as those in Asia-Pacific, Latin America, and the Caribbean, where the mean cost of mobile internet is about 1.5% of monthly income. The pricing update measures the cost of 1GB of data on a prepaid mobile as a percentage of gross national income (GNI) per capita. Understanding and working to mitigate underlying reasons for the high costs of the internet is an important focus of building the corresponding cybersecurity culture of the future.
African governments have stated policies on increasing internet access and lowering its cost. However, they are progressively targeting the digital space for taxation to raise revenues. This potentially has the effect of slowing the uptake of the internet as many internet users in Africa have other competing needs as noted in the mobile broadband affordability index. It follows then that for the internet to be really affordable, African economies have to grow and provide disposable income that can be used to purchase internet data.
Africa is a leader in mobile financial services globally (14% of Africans are using mobile money). The rate of access to financial services in Africa has increased significantly since the 2000s after mobile money services started according to Matthieu Aucante. The GSMA 2021 Report estimated that the transaction volume in sub- Saharan Africa alone was US$27.4bn, while the global one was US$41.1bn. This is important for financial inclusion as ‘individuals and businesses have access to useful and affordable financial products and services that meet their needs – transactions, payments, savings, credit and insurance – delivered in a responsible and sustainable way’ (World Bank Group). The ACRC estimates that the future of this ‘success story will also depend on the attention and resources that will be devoted to the issue of cybersecurity’.
There is a rise of mobile malware, especially targeting android phones (89% of smartphones in Africa run on Android), resulting in stealing of personal data and money extortion. While it is common to undertake security measures on their laptops or desktop computers, in most cases, Africans are not doing the same on their smartphones. Educational activities will improve the secure use of digital devices.
In 2018, Mcafee estimated the financial losses due to cybercrime in Africa at US$ 2 billion. Moreover, Interpol, in its report, claims that 90% of African businesses are operating without the necessary cybersecurity protocols in place. This puts the industry at significant risk and opens the door for cybercriminals to exploit these vulnerabilities. Consequently, businesses suffer significant financial losses. The report also asserts that in 2016, the Kenyan economy lost about US$36 million, the South African economy US$573 million and the Nigerian economy US$500 million as a result of cybercrime. Furthermore, during the Book Talk hosted by the Economic Commission for Africa (ECA), it was stressed that cybercrime is one of the top risk factors likely to jeopardise Africa’s economy, a concern that is particularly relevant when the continent is transitioning to e-commerce under the Africa Continental Free Trade Area (AfCFTA).
Access to the internet is not an irrelevant connection. Should development support focus on affordable access for the ‘next billion’ or the ‘bottom’ billion users? The next billion users are easier to connect to, as they are likely to be closer to networks and have basic digital literacy skills compared to the bottom billion users who will certainly sink further down the poverty line without digital inclusion. Thus, building digital skills is essential and spills over into the issue of access to the internet.
Reflection point
How can I make the case with my leaders to focus on efficient capacity development programmes?
The specific context and challenges in Africa link back to the needs for concentrated capacity building efforts. The advancement of cybersecurity culture will positively impact the African continent as well as the rest of the global community (possibly decreasing cyber attacks conducted abroad from the African continent). The growing centrality of cybersecurity has led many governments and international organisations to focus on building the capacity of nations to withstand threats to the public and its digital resources.
Therefore, cybersecurity awareness in Africa should put an emphasis on basic digital skills (such as the safe use of mobile devices/smartphones), as well as on understanding cybersecurity more holistically – among all stakeholder groups.
It is essential to focus on people’s skills in the first place and continually build a better cybersecurity culture. Policymakers need to better understand and be aware of the alarming links between the lack of cyber capacity and, for instance, economic growth or security. It is essential to invest resources into capacity building programmes.
One exciting motivation for your country’s leaders can be to build the image of your country as a champion in cybersecurity capacity building. As the GFCE Global Good Practices overview document remarked, countries that have previously benefited from capacity building activities, that have reached a certain level of maturity, and have the experience to share may serve as a regional hub for sharing their experience with their respective regions. Establishing capacity in one country of a region could help strengthen capacity in neighbouring countries as well.
Having a local hub and a champion in a region can facilitate awareness-raising of the opportunities for accessing a global programme. The support provided through local hubs can reduce costs and increase responsiveness to the needs of those requesting support and resources for capacity building.