3.1. Cybersecurity and economy: Cyber capacity building as a way to enhance trust in the digital economy

In the introductory section of this module, we discussed how a stable and secure online environment contributes to international peace and security, as well as to fostering trust among actors in cyberspace. Trust is a precondition for the digital economy to flourish, and this is particularly true for e-commerce transactions. 

The sale of products and services over the internet takes place without physical contact, making consumers concerned with a number of the aspects of the transaction, such as the legitimacy of the vendor, the quality of the product, the possibility that their personal data could be misused (either by the vendor or by a third party), and potential threats posed by malicious actors and criminals online. According to UNCTAD’s joint report with CIGI and IPSOS on the state of the global digital economy, consumers refrained from purchasing goods or services online mainly due to a lack of trust, as can be seen in figure 4.

The 2019 edition of the CIGI and the IPSOS report confirmed this trend, and highlighted that cyber criminals are the leading factor that has contributed to consumers’ increased levels of concern, followed by the possibility of the misuse of personal information by internet companies, as shown in figure 5. 

3.1.1. Digitalisation of the economy and security

🎯What are the security implications of rapid digitalization to the economy? 

Since the outbreak of the COVID-19 pandemic, the use of the internet is not a choice, but a need. We are increasingly relying on the internet for work, education, access to health, communication, and acquiring products and services. E-commerce is now key to the purchase of everyday necessities and is increasingly relevant to most individuals. The pandemic has led to a long-lasting shift in purchasing habits across the world, accelerating the uptake of e-commerce by approximately five years. 

This scenario of rapid digitalisation means that a larger number of businesses and individuals will be confronted with the convenience, but also the challenges of operating in an online environment.

Cybercrime is one of the main cybersecurity risks, with profound effects on digital commerce. It was estimated that, by 2017, the cost of cybercrime to the African continent was US$3.5 billion. Estimates of the annual costs of cybercrime for the global economy vary significantly. According to the Internet Society’s Online Trust Alliance, the global economic impact of cybercrime was at least US$45 billion in 2018, while a report by the security company McAfee and the Center for Strategic and International Studies (CSIS) estimated that cybercrime costs the global economy as much as US$600 billion in 2017.

The consensus is that the cost of cybercrime is following an upward trend, as seen in figure 7.

In addition to financial losses suffered as a result of cybercrime, there are other negative effects for the economy:

• Diminished consumer trust: When consumers have been victims of cybercrime, without any form of redress, they tend to avoid buying goods and services online, which in turn has an effect on the profits of businesses. Across the world, there is an increasing number of successful attacks on company servers to acquire customers’ personal data. In September 2021, more than a million South African citizens had their personal data exposed – including customer names and contact details, employment and salary information, and debt-related information – following an attack against a debt recovery services firm. These incidents undermine user trust in online services.
• Loss of trade secrets: Intellectual property, such as trade secrets, is a resource of growing importance for most industries. When these trade secrets are stolen due to cybercrime, the value of their property diminishes.
• Refusal of access to certain markets: Many merchants refuse to carry out e-commerce transactions or even enter into new services in certain countries. Nigeria has been one of these countries due to the numerous cases of fraudulent activities allegedly perpetrated there.
• In some cases, there are threats to critical infrastructure, financial and banking systems, and national security.

The shift to remote work and online shopping prompted by the COVID-19 pandemic requires a greater focus on cybersecurity, because of the greater exposure to cyber risk. E-commerce was also affected by COVID-19, as the sale of counterfeiting goods and malicious online services, disguised, for example, as the contact-tracing apps, also soared. For example, cybercriminals behind Ginp, a banking Trojan, used an app called the Coronavirus Finder. The app pretended to provide information on COVID-19-infected individuals near the user. The user was coaxed into providing their bank card details under the pretext of paying a €0.75 fee that would allow them to visualise the exact location of infected individuals.

3.1.2. Financial services

🎯How can cyber capacity building positively impact digital financial services? 

The world economy largely relies on the smooth functioning of financial and critical infrastructures -–such as telecommunications, energy, and transportation –- and of logistics across the globe. These infrastructures are operated by the public and private sectors and are considered significant points of vulnerability. In the case of the financial and banking systems, rapid digital transformation is blurring the lines between banks and technology companies, making responsibilities to protect the digital financial infrastructure less clear. According to the Financial Stability Board, ‘a major cyber incident, if not properly contained, could seriously disrupt financial systems, including critical financial infrastructure, leading to broader financial stability implications’.

In this context, the security of the financial system depends on expanding the financial sector’s cybersecurity capacity and investing in the capacity building of the cybersecurity workforce. The Carnegie Endowment for International Peace report ‘ International Strategy to Better Protect the Global Financial System against Cyber Threats’  suggests, among other things, the creation of an international mechanism to build cybersecurity capacity for the financial sector, and making cybersecurity capacity building an element of development assistance packages. The African Development Bank also highlighted the need to integrate education and skill development strategies into the national economic development plans of African countries.  

The banking and financial systems are also undergoing rapid digital transformation. The combination of financial and digital services has spurred financial access to millions of people who were previously unbanked, as can be inferred from figure 9. Digital Financial Services (DFS) are critical for poverty reduction and economic growth. At the same time, DFS added to the complexity of promoting security. The provision of DFS involves a complex ecosystem, with the participation of a diverse group of actors, such as banks, mobile network operators, DFS platform providers and platform developers, retail agents, regulators, payment service providers, and clients. The rapid growth and uptake of DFS and the interconnectedness of the system make it vulnerable, as security depends not only on the measures adopted by providers themselves, but also on third-party providers and consumers.

Data breaches are common and can lower customers’ trust in digital finance platforms. Greater awareness of cyber risks by regulators prompted a rethink of the trade-off between efficiency and security in financial services. In this context, the ‘Digital Finance Services Security Assurance Framework’, developed under the leadership of ITU, is a relevant resource, as it provides an overview of the security threats and vulnerabilities facing the DFS providers, helps to clarify roles and responsibilities, develops a risk-assessment methodology and makes recommendations.

Many countries in Africa are experiencing a significant transformation of their financial sectors as they extend financial inclusion and move to DFS. There has been an unprecedented increase in the number of people enjoying access to formal financial services in the continent, which is now home to more digital financial services deployments than any other region in the world, with almost half of the nearly 700 million individual users worldwide.

The COVID-19 pandemic further accelerated the shift to digital finance in many economies. In Africa, governments enacted regulations to support the adoption of digital financial services, used DFS as a way to enable emergency cash transfer programs, and encouraged the use of cashless and contactless modes of payment to reduce the risk of virus spread, while customers increasingly used phones to pay merchants.

The context creates additional opportunities for the adoption of DFS in Africa. Maurer and Nelson recommend strengthening the connections between financial inclusion and cybersecurity, in order to enhance the sustainability of the recent progress made in financial inclusion in the continent. They suggest the creation of a network of experts focused specifically on cybersecurity in Africa. The Alliance for Financial Inclusion (AFI) – a network composed of more than 90 developing countries, where the majority of the world’s unbanked reside – is an example of a platform for peer learning, which has promoted dialogue among African regulators and with the private sector, and provided capacity building to advance digital financial innovation. Between 2016 and 2018, over 160 financial inclusion policies and regulations were implemented by African policymakers through engagement in AFI. AFI’s subgroup on cyber security has produced the ‘Cybersecurity and financial inclusion: framework & risk guide’ to provide key principles and best practices to assist regulatory and supervisory authorities in devising tools for the financial sector to deal with cybersecurity risks.