By VINCENT OWINO

More by this Author

Businesses in East Africa have reported the highest number of cyber-attacks in Africa, implying the rising threats that come with massive digital transformation.

A survey by audit firm KPMG focusing on 300 companies, both large corporations and small and medium-sized enterprises (SMEs), reveals that about three in 10 businesses in the region have fallen victim to cyber-attacks.

The survey blames this on “rapid development and adoption of digital technology across business sectors with limited expertise and awareness around technology and digital infrastructure.”

About nine in ten firms in the region are currently undertaking a digital transformation or have already finished transitioning, compared to 82 percent in West Africa.

John Anyanwu, Africa cyber lead at KPMG, said many economies in the continent have managed to shake off pandemic woes and the effects of other shocks to increase “consumption and adoption of digital technologies at grassroot level.”

The threats

But cybercriminals have revamped their tactics to prey on unsuspecting organisations, primarily posting ransomware, business email compromise and data leakage threats to firms across the continent.

“Today, there is a much larger focus needed on not only mitigating threats, but in the way organisations are set up to deal with them,” said Anthony Muiyuro, cyber lead at KPMG East Africa.

Even so, a quarter of firms across the continent are yet to develop any form of strategy to prevent or deal with cyber-attacks, with only 34 percent of those with a strategy having independent cyber and information security functions.

“This function should be a strategic focus, cut across all business functions. Therefore, establishing an independent information security function is touted as a critical success factor for mature information risk management,” Mr Muiyuro said.

In East Africa, where there is the most threat, 77 percent of businesses have well-defined and regularly reviewed cyber strategies, even though all countries in the region except the Democratic Republic of Congo have established cyber security legislation that requires some form of information protection.

Budget constraints and shortage of skills still hinder African companies’ efforts at building strategies and security operation centres.

While 55 percent of African firms said they are planning on recruiting cybersecurity professionals in the next 12 months, more than two-thirds of the companies find it hard to recruit and retain qualified personnel.

A 2022 report by the International Systems Audit and Control Association estimates that there are currently three million cyber security job vacancies globally that remain unfilled, and this is projected to rise to 10 million in the next few years.

Other challenges that impair organisations’ ability to establish cybersecurity strategies include an influx in the number of security alerts reported, difficulty managing and analysing related data, and lack of documented processes.