African organisations demonstrate a moderate level of readiness in security culture.
This is according to KnowB4’s 2024 Security Culture Report for Africa, which provides a detailed analysis of the intricate relationship between security practices and employee behaviours within organisations.
The report draws insights from surveys conducted across thousands of organisations worldwide. The security culture score is a global measure used to evaluate organisations based on their approach to security.
“In its section on Africa, the report reveals that organisations evaluated across 20 African countries exhibit an average security culture score of 72, consistent with the previous year,” says Anna Collard, senior vice-president: content strategy and evangelist at KnowBe4 Africa. “This shows a moderate level of readiness in security culture.”
There are noteworthy variations among sectors and countries, emphasising the necessity for targeted interventions to enhance cybersecurity resilience. “The banking sector in Kenya is a standout performer, boasting an impressive average score of 83, attributed to its steadfast commitment to maintaining mature security cultures supported by robust security operations,” explains Collard.
“However, industries such as public services, construction, education, and hospitality show lower security culture scores. This shows the importance of developing specific approaches to enhance cybersecurity awareness and practices in these sectors.”
Africa, with its diverse cultural fabric and youthful population projected to dominate the global workforce by 2100, faces escalating cyber risks amidst rapid technological advancements. Challenges, including limited resources, inadequate cyber awareness, and economic constraints, marked the continent’s cybersecurity landscape in 2023. “This shows the need to strengthen cybersecurity readiness given the critical development requirements.”
Kenya (76), Nigeria (75), and Ghana (74) lead the charge in cybersecurity readiness, showcasing robust strategies backed by local governments. Ghana’s significant progress in cybersecurity, evidenced by its climb in the Global Cybersecurity Index, reflects the region’s commitment to cybersecurity excellence.
“With a security culture score of 72, it’s important to address the findings from a separate survey on generative AI (GenAI) adoption by organisations in South Africa,” adds Collard. “That survey identified regulatory gaps and a lack of training in countering AI-generated misinformation, highlighting the need for regulations, training programmes, and partnerships to tackle cyber threats such as deepfakes, especially during the upcoming crucial governmental elections.”
The South African Council for Scientific and Industrial Research (CSIR) expects an increase in cyber attacks targeting important infrastructure and government bodies in the coming weeks until South Africans go to the polls.
“This highlights the urgent need for stronger cybersecurity measures to protect both public and private sectors, communities, and national economies,” says Collard. “As organisations adapt to the changing cybersecurity environment, promoting a culture of awareness, education, and proactive risk management will be vital in enhancing cyber resilience throughout Africa.”
The security culture score is a global measure used to evaluate organisations based on their approach to security, explains Javvad Malik, lead security awareness advocate at KnowBe4. “This score reflects how much importance different entities worldwide place on cybersecurity within their organisational culture.
“In today’s interconnected world, where a mobile device in a remote area can access sensitive accounts, working in isolation on security is no longer effective,” adds Malik. “Collaboration between governments and regulators is essential not just for creating laws but also for demonstrating practical ways to strengthen security culture.
“Organisations need to prioritise the human element of cybersecurity by focusing on continuous awareness and training efforts rather than relying solely on technological solutions.”