Cybersecurity Dynamics: Securing Information Infrastructure in African Economies

0
1405
Credit: International Telecommunication Union

By: Eric Oyemam Ato Brown & Alexander Ayertey Odonkor

The augmentation of the global digital economy has created new economic opportunities, making data an indispensable component in the provision of an efficacious panacea to the challenges associated with Sustainable Development Goals (SDGs). Digitization of the economy has proved to be a force for innovation, unrestrained growth in productivity and a stratagem for improving socio-economic outcomes. As highlighted in the Digital Economy Report 2019[ of the United Nations Conference on Trade and Development (UNCTAD) – depending on the scope, the digital economy accounts for about 4.5% to 15.5% of the global Gross Domestic Product (GDP) with the United States and China contributing close to 40% of the world total – the highest added value in the Information and Communication Technology (ICT) sector. Between 2010 and 2015, global employment in the ICT sector increased from 34 million to 39 million, respectively.

Thus the share of ICT sector in total employment increased from 1.8% in 2010 to 2% in 2015 – Computer services contributed 38%, representing the largest share in the ICT sector. Evidently, digitization of the global economy has yielded tremendous results – In the last decade, global export of ICT services and other related services that can be delivered in digital forms have grown faster than the overall services export. For instance in 2018, the global value for digitally deliverable services exports was $2.9 trillion, thus 50% of global services exports. In Least Developed Countries (LDCs), digitally deliverable services accounted for about 16% of total services exports – the increase in value in 2018 is more than three times the amount recorded in 2005. Digitization fosters economic growth in both developing and developed countries – In a published report of PricewaterhouseCoopers, digitization contributed $193 billion to the world economic output and created 6 million jobs in 2011.

The report further revealed that the impact of digitization is not the same for all economies –Digitization has a greater impact on economic growth in developed countries than in developing countries but developing countries experience a higher growth in employment. According to the World Bank, African countries can record an increase in per capita by 1.5 percentage points per year and also reduce poverty headcount by 0.7 percentage points per year if the targets for the Digital Economy Transformation Initiative are achieved. However, the challenge associated with digitization of developing economies especially in Africa is parlous – The footprint of cybercrime in developing countries is exacerbating the socio-economic problems in these countries. As indicated by the International Data Group Connect in 2013, the annual cybercrime cost for the two largest economies in Africa, thus Nigeria and South Africa is 573 million and 200 million, respectively. In 2017, cybercrimes cost African economies a total of $3.5 billion with Nigeria, Kenya and South Africa recording losses of $649 million, $210 million and $157 million, respectively.

The diminution in productivity created by cybercrime cuts across several sectors in African economies with financial institutions, governments, e-commerce, mobile-based transactions and telecommunications experiencing the highest impact – Financial institutions, Governments, e-commerce, mobile-based transaction, telecommunication and other industries represent the most affected by cybercrime, accounting for losses of  23%, 19%, 16%, 13%, 11% and 18% , respectively.

Source: Africa Cybersecurity Report, Serianu

The expansion of the digital economy in Africa is creating new economic opportunities on the continent – Mobile phone penetration has increased from 87 million in 2005 to 760 million in 2017, growing by 20% per annum, the fastest growing market in the world.  With a projected mobile money industry of $14 billion in Africa, Sub-Saharan Africa is considered to be the epicentre of mobile money in the world, hosting two-thirds of global mobile money transactions, with the value of transactions exceeding $25 billion in December 2018. The enacted African Continental Free Trade Area (AfCFTA) has the potential to create new avenues for e-businesses and provide a combined GDP of about $600 billion.

But most financial institutions in Africa have failed to adequately secure their information infrastructure. The financial cost of cyber attacks has increased considerable in recent times – In a neoteric survey conducted in 148 banks in Sub-Saharan Africa, the findings show that more than 85% of these banks have recorded losses from cyber attacks – Also 24% of all cybercrimes are related to malware with credit card fraud and phishing accounting for 30% and one-third, respectively. Money transfer fraud, information leakage and identity theft have equally impeded productivity in these banks. Whiles 85% of the banks disclosed that they invest $541,102 a year on securing information infrastructure, another 50% also asserted that they invest between $108,220 and $541,102 on cybersecurity. With investments of that magnitude, it is lamentable that cybersecurity personnel in the banks detected only 6% of cyber attacks on the financial institutions – On an average, a malware infected computer cost the banks $9,707 with the banks suffering an average of $770,000 in the last few years.

Another area that continually receives a substantial impact from cybercrime in Africa is e-commerce and mobile-based transactions – As affirmed by McKinsey Global Institute, Africa’s e-commerce market is projected to reach $75 billion in annual e-commerce sales with the internet contributing $300 billion to GDP and an additional $300 billion growth in productivity in key sectors by 2025. There are more than 400 million internet users in Africa, the second largest internet user population in the world after China – The number of internet users in Africa is expected to reach 600 million by 2025. In 2019, Jumia, an e-commerce platform with headquarters in Nigeria became the first start-up in Africa to be listed on the New York Stock Exchange, at a valuation of $1.1 billion – The e-commerce company operates in more than 10 African countries, offering payment on deliver as a market strategy just as other e-commerce companies in the region practice. This phenomenon has made mobile money transactions an ideal alternative to carry out business transactions.

In South Africa, where online shoppers spend an average of $109 on consumer products, the highest in Africa – there are 13,842 cyber attacks every 24 hours, representing 570 cyber attacks every 1 hour as indicated by Kaspersky Lab – Infections from malware on mobile phones has also increased enormously. Data from the South African Banking Risk Information Centre (SABRIC) reveals that in 2018, 23,466 fraudulent cases were recorded from online banking, mobile banking and banking apps that amounted to $13,816,584.

In a survey conducted by PricewaterhouseCoopers, prior to the report of SABRICS, the findings show that 32% of organisations in South Africa have reported cases of cybercrime but most organizations do not fully understand the intricacies of cyber attacks as other companies are not adequately prepared – Whiles 35% of organisations in the country have a plan to mitigate cybercrimes, only 48% of board members show interest in their organisation’s state of cyber-readiness.

Some African countries are performing considerably well as governments and relevant stakeholders continue to provide the needed resources and implement germane policies that regulate the cyber space effectively and also improve the status of cybersecurity. In 2018, the Global Cybersecurity Index ranked Mauritius, Kenya and Rwanda as the top three African countries with the highest score in the five pillars of the GCI: legal, technical, organizational, capacity building and cooperation.

Mauritius has the highest score in the organizational pillar in the region because the country has a cybersecurity intelligence unit known as the CERT-MU – operating as the response team for any cyber attacks in the country with a mission to mitigate cybercrime; CERT-MU has developed initiatives such as the National Cybersecurity Strategy and the National Cyber Incident Responds Plan.  

There is also the National Disaster Cybersecurity and Cybercrime Committee that is constituted by the public and private sector that expedites the monitoring, control and transmission of decision during cyber crisis.

Source: Global Cybersecurity Index, International Telecommunication Union

As the only African country with the highest score in the legal and cooperation pillars, Kenya, has initiated a practical multi-stakeholder collaboration that encompasses the various Computer Incidence Response Teams (CIRTs), government, financial institutions, academia, telecommunication companies, communication infrastructure providers and other relevant stakeholders.

Rwanda, which was ranked third by the Global Cybersecurity Index, has a high score in the organizational pillar – The country has bodies such as the National Cybersecurity Agency that oversees the security of critical information infrastructure and the Rwanda Utilities Regulatory Authority that monitors the operations of service providers and operators. There is also the Rwanda Information Society Authority that supervises the management of Government infrastructure. Although the legal pillar is highly distributed in Europe, with the most commitment level in cybercrime legislation, cybersecurity regulation and curbing of spam, countries in Africa are also implementing policies to improve cybersecurity on the continent.

Source: Global Cybersecurity Index, International Telecommunication Union To mitigate the high level of cybercrimes that has plagued the region in the last decade, it is imperative for governments and corporate organizations in African countries to invest in adequate technological apparatus specifically artificial intelligence, which has proven to be effective against phishing.   
null

About the Authors

Eric Oyemam Ato Brown is a data scientist and a policy analyst, currently pursuing a second master’s degree in analytics and information management at Duquesne University. Eric holds a master’s degree in public administration and a bachelor’s degree in economics and sociology. He has a stellar experience garnered from working as a youth development activist and also from the Enterprise Wide Transformation program and the Global Network for Advanced Management (GNAM) of Massachusetts Institute of Technology and Yale University, respectively.

Alexander Ayertey Odonkor is a chartered financial analyst and a chartered economist with a stellar expertise in the financial services industry in developing economies – with a master’s degree in finance and a bachelor’s degree in economics and finance, Alexander holds postgraduate certificates in entrepreneurship in emerging economies and electronic trading on financial markets from Harvard University and New York Institute of Finance, respectively. He has also completed the International Monetary Fund’s (IMF) program on Financial Programming and Policies.


LEAVE A REPLY

Please enter your comment!
Please enter your name here