1. Cybersecurity skills and culture in Africa (context)

Every citizen of the world should be able to fully reap the benefits of ICT through a free, open, peaceful and secure digital world. Building cyber capacity provides the necessary foundation for countries to strengthen their cyber resilience through developing skills and capacity that addresses threats and vulnerabilities arising from cyberspace. It is therefore our mission to strengthen cyber capacity and expertise globally through international collaboration and cooperation

– GFCE Mission Statement

Africa’s active participation in digital policy and cybersecurity discussions is beneficial not only for Africa but also for a more inclusive, impactful, and informed global digital policy. Building cyber capacity for African stakeholders is an urgent necessity. Cyber capacity building can facilitate the process of harnessing digital technologies and innovation to generate inclusive economic growth, stimulate job creation, and promote socio-economic development. At the same time, capacity building will positively contribute to the engagement of African stakeholders in global digital policy discussions, effectively promoting African interests in the international arena.

Several cybersecurity specificities of the African region are linked to gaps in capacity building:

• Technology adoption is rising fast in Africa, especially thanks to its young population (62% of Africans are under 25 in 2021). Youth, in particular, are very keen to adopt technology. Yet, in 2019, ITU estimated that only 28.6% of Africans were using the internet, which is low compared to the global average rate of 51.4%. Nevertheless, in the future, most of the new internet users are expected to be coming from Africa. The potential for internet adoption on the continent is huge. Developing a corresponding cybersecurity culture and ensuring that the population has the necessary cybersecurity skills needs to be a priority.

• This is obviously related to the high cost of the internet in Africa. The mobile pricing update by the Alliance for Affordable Internet (A4AI) indicates that on average, the cost of the internet in Africa is very high at about 6% of monthly income. Many African countries cannot be compared with other low- and middle-income countries such as those in Asia-Pacific, Latin America, and the Caribbean, where the mean cost of mobile internet is about 1.5% of monthly income. The pricing update measures the cost of 1GB of data on a prepaid mobile as a percentage of gross national income (GNI) per capita. Understanding and working to mitigate underlying reasons for the high costs of the internet is an important focus of building the corresponding cybersecurity culture of the future.

• African governments have stated policies on increasing internet access and lowering its cost. However, they are progressively targeting the digital space for taxation to raise revenues. This potentially has the effect of slowing the uptake of the internet as many internet users in Africa have other competing needs as noted in the mobile broadband affordability index. It follows then that for the internet to be really affordable, African economies have to grow and provide disposable income that can be used to purchase internet data.

• Africa is a leader in mobile financial services globally (14% of Africans are using mobile money). The rate of access to financial services in Africa has increased significantly since the 2000s after mobile money services started according to Matthieu Aucante. The GSMA 2021 Report estimated that the transaction volume in sub- Saharan Africa alone was US$27.4bn, while the global one was US$41.1bn. This is important for financial inclusion as ‘individuals and businesses have access to useful and affordable financial products and services that meet their needs – transactions, payments, savings, credit and insurance – delivered in a responsible and sustainable way’ (World Bank Group). The ACRC estimates that the future of this ‘success story will also depend on the attention and resources that will be devoted to the issue of cybersecurity’.

• There is a rise of mobile malware, especially targeting android phones (89% of smartphones in Africa run on Android), resulting in stealing of personal data and money extortion. While it is common to undertake security measures on their laptops or desktop computers, in most cases, Africans are not doing the same on their smartphones. Educational activities will improve the secure use of digital devices.

• In 2018, Mcafee estimated the financial losses due to cybercrime in Africa at US$ 2 billion. Moreover, Interpol, in its report, claims that 90% of African businesses are operating without the necessary cybersecurity protocols in place. This puts the industry at significant risk and opens the door for cybercriminals to exploit these vulnerabilities. Consequently, businesses suffer significant financial losses. The report also asserts that in 2016, the Kenyan economy lost about US$36 million, the South African economy US$573 million and the Nigerian economy US$500 million as a result of cybercrime. Furthermore, during the Book Talk hosted by the Economic Commission for Africa (ECA), it was stressed that cybercrime is one of the top risk factors likely to jeopardise Africa’s economy, a concern that is particularly relevant when the continent is transitioning to e-commerce under the Africa Continental Free Trade Area (AfCFTA).

• Access to the internet is not an irrelevant connection. Should development support focus on affordable access for the ‘next billion’ or the ‘bottom’ billion users? The next billion users are easier to connect to, as they are likely to be closer to networks and have basic digital literacy skills compared to the bottom billion users who will certainly sink further down the poverty line without digital inclusion. Thus, building digital skills is essential and spills over into the issue of access to the internet.