In recent years, countries in Sub-Sahara Africa have seen a significant increase in the use of ICT by citizens, governments and business. At the same time, there has been a marked increase in cybersecurity risks. According to the United Nations Economic Commission for Africa (UNECA), African governments are demonstrating an increasing awareness of cybersecurity issues, but the existing capability to deter, monitor or pursue cybersecurity has been ineffective (UNECA, 2014).
Cyber threats and risks are particularly challenging for developing countries and nations affected by conflict and fragility. Having, generally, developing digital and physical infrastructures, weak institutions, poor governance mechanisms and limited resources, the digitalisation of these countries is often characterised not only by low levels of connectivity but also by insufficient security.
Most developing countries lack specialised knowledge, awareness, institutional arrangement and resources that will enable them to manage cyber-risks, cyber-crime, and cyber-attacks efficiently. Reports on cybersecurity in Sub-Saharan Africa point to several challenges faced by several African countries in effectively managing cybersecurity risks include:
Low levels of cybersecurity awareness among the general population in African countries result in pervasive, poor security habits which enable cybercriminals to thrive (M. Bada, B. von Solms, I. Agrafiotis: Reviewing national cybersecurity awareness in Africa: An Empirical Study, 2018).
Limited capacity of law enforcement, prosecutors and the judiciary are the main impediments to an effective criminal justice response to cybercrime and other offences involving electronic evidence, not only in Africa but in most countries around the world (Symantec, Cyber Crime and Cyber Security Trends in Africa, 2017).
Another major challenge in Africa is the lack of capacity to implement cybercrime and cybersecurity laws. Most African countries have only a basic legal framework in place. As more and more African countries adopt data protection and cybersecurity legislation, it is important that they are accompanied by capacity-building programmes for the effective implementation of the new frameworks.