Eric Oyemam Ato Brown & Alexander Ayertey Odonkor’s thoughts…..Cybersecurity Dynamics: … Securing Information infrastructure in African economies

0

 

Credit: International Telecommunication Union

The augmentation of the global digital economy has created new economic opportunities, making data an indispensable component in the provision of an efficacious panacea to the challenges associated with Sustainable Development Goals (SDGs). Digitization of the economy has proved to be a force for innovation, unrestrained growth in productivity and a stratagem for improving socio-economic outcomes. As highlighted in the Digital Economy Report 2019[1] of the United Nations Conference on Trade and Development (UNCTAD) – depending on the scope, the digital economy accounts for about 4.5% to 15.5% of the global Gross Domestic Product (GDP) with the United States and China contributing close to 40% of the world total – the highest added value in the Information and Communication Technology (ICT) sector. Between 2010 and 2015, global employment in the ICT sector increased from 34 million to 39 million, respectively.

Thus, ICT sector’s share of total employment increased from 1.8% in 2010 to 2% in 2015 – computer services contributed 38%, representing the largest share in the ICT sector. Evidently, digitization of the global economy has yielded tremendous results – In the last decade, global export of ICT services and other related services that can be delivered in digital forms have grown faster than the overall services export.

For instance, in 2018, the global value for digitally deliverable services exports was US$2.9trillion, thus 50% of global services exports. In Least Developed Countries (LDCs), digitally deliverable services accounted for about 16% of total services exports – the increase in value in 2018 is more than three times the amount recorded in 2005. Digitization fosters economic growth in both developing and developed countries – In a published report of PricewaterhouseCoopers[2], digitization contributed US$193billion to the world economic output and created 6 million jobs in 2011.

The report further revealed that the impact of digitization is not the same for all economies – Digitization has a greater impact on economic growth in developed countries than in developing countries but developing countries experience a higher growth in employment. According to the World Bank[3], African countries can record an increase in per capita by 1.5 percentage points per year, and also reduce poverty headcount by 0.7 percentage points per year if the targets for the Digital Economy Transformation Initiative are achieved.

However, the challenge associated with digitization of developing economies, especially in Africa, is parlous – The footprint of cybercrime in developing countries is exacerbating the socio-economic problems in these countries. As indicated by the International Data Group Connect[4] in 2013, the annual cybercrime cost for the two largest economies in Africa, Nigeria and South Africa, is US$573million and US$200million respectively. In 2017, cybercrimes cost African economies[5] a total of US$3.5billion – with Nigeria, Kenya and South Africa recording losses of US$649million, US$210million and US$157million, respectively.

The diminution in productivity created by cybercrime cuts across several sectors in African economies,[6] with financial institutions, governments, e-commerce, mobile-based transactions and telecommunications experiencing the highest impact – Financial institutions, governments, e-commerce, mobile-based transaction, telecommunication and other industries represent the most affected by cybercrime, accounting for losses of  23%, 19%, 16%, 13%, 11% and 18% respectively.

Source: Africa Cybersecurity Report, Serianu

The expansion of the digital economy in Africa is creating new economic opportunities on the continent – Mobile phone penetration has increased from 87 million in 2005 to 760 million in 2017, growing by 20% per annum, the fastest-growing market in the world.  With a projected mobile money industry of US$14billion in Africa, sub-Saharan Africa[7] is considered to be the epicentre of mobile money in the world, hosting two-thirds of global mobile money transactions – with the value of transactions exceeding US$25billion in December 2018. The newly enacted African Continental Free Trade Area (AfCFTA) has the potential to create new avenues for e-businesses and provide a combined GDP of about US$60billion[8].

But most financial institutions in Africa have failed to adequately secure their information infrastructure. The financial cost of cyber-attacks has increased considerably in recent times – In a neoteric survey[9] conducted at 148 banks in sub-Saharan Africa, the findings show that more than 85% of those banks have recorded losses from cyber-attacks – Also 24% of all cybercrimes are related to malware, with credit card fraud and phishing accounting for 30% and one-third respectively.

Money transfer fraud, information leakage and identity-theft have equally impeded productivity in these banks. While 85% of the banks disclosed that they invest US$541,102 a year on securing information infrastructure, another 50% also asserted that they invest between US$108,220 and $541,102 on cybersecurity. With investments of that magnitude, it is lamentable that cybersecurity personnel in the banks detected only 6% of cyber-attacks on the financial institutions – On an average, a malware infected computer cost the banks US$9,707; with the banks suffering an average of US$770,000 in the last few years.

Other areas that continually receive substantial impacts from cybercrime in Africa are e-commerce and mobile-based transactions – As affirmed by McKinsey Global Institute, Africa’s e-commerce market is projected to reach US$75billion in annual e-commerce sales, with the Internet contributing US$300billion to GDP and an additional US$300billion growth in productivity in key sectors by 2025[10]. There are more than 400 million Internet users in Africa, the second-largest Internet user population in the world after China[11] – The number of internet users in Africa is expected to reach 600 million by 2025.

In 2019, Jumia[12] – an e-commerce platform with headquarters in Nigeria – became the first start-up in Africa to be listed on the New York Stock Exchange, at a valuation of US$1.1billion. The e-commerce company operates in more than 10 African countries, offering payment on delivery as a market strategy, just as other e-commerce companies in the region practice. This phenomenon has made mobile money transactions an ideal option to carry out business transactions.

In South Africa[13], where online shoppers spend an average of US$109 on consumer products, the highest in Africa – there are 13,842 cyber-attacks every 24 hours, representing 570 cyber-attacks every 1 hour as indicated by Kaspersky Lab[14] – Infections from malware on mobile phones have also increased enormously. Data from the South African Banking Risk Information Centre (SABRIC)[15] reveal that in 2018, 23,466 fraudulent cases were recorded from online banking, mobile banking and banking apps that amounted to US$13,816,584.

In a survey conducted by PricewaterhouseCoopers, prior to the report of SABRICS, the findings[16] show that 32% of organisations in South Africa have reported cases of cybercrime; but most organizations do not fully understand the intricacies of cyber-attacks as other companies are not adequately prepared – While 35% of organisations in the country have a plan to mitigate cybercrimes, only 48% of board members show interest in their organisation’s state of cyber-readiness.

Some African countries are performing considerably well, as governments and relevant stakeholders continue to provide the needed resources and implement germane policies that regulate cyber space effectively and also improve the status of cybersecurity. In 2018, the Global Cybersecurity Index[17] ranked Mauritius, Kenya and Rwanda as the top-three African countries with the highest score in the five pillars of the GCI: legal, technical, organizational, capacity building and cooperation.

Mauritius has the highest score in the organizational pillar of the region, because the country has a cybersecurity intelligence unit known as the CERT-MU – operating as the response team for any cyber-attacks in the country with a mission to mitigate cybercrime; CERT-MU has developed initiatives such as the National Cybersecurity Strategy and the National Cyber Incident Response Plan.

There is also the National Disaster Cybersecurity and Cybercrime Committee that is constituted by the public and private sector which expedites the monitoring, control and transmission of decisions during cyber crises.

Source: Global Cybersecurity Index, International Telecommunication Union

As the African country with highest scores in the legal and cooperation pillars, Kenya has initiated a practical multi-stakeholder collaboration that encompasses the various Computer Incidence Response Teams (CIRTs), government, financial institutions, academia, telecommunication companies, communication infrastructure providers and other relevant stakeholders.

Rwanda, which was ranked third by the Global Cybersecurity Index, has a high score in the organizational pillar – The country has bodies such as the National Cybersecurity Agency that oversees the security of critical information infrastructure and the Rwanda Utilities Regulatory Authority which monitors the operations of service providers and operators. There is also the Rwanda Information Society Authority that supervises management of government infrastructure. Although the legal pillar is highly distributed in Europe – with the most commitment level in cybercrime legislation, cybersecurity regulation and curbing of spam, countries in Africa are also implementing policies to improve cybersecurity on the continent.

Source: Global Cybersecurity Index, International Telecommunication Union

To mitigate the high level of cybercrimes that has plagued the region in the last decade, it is imperative for governments and corporate organizations in African countries to invest in adequate technological apparatus – specifically artificial intelligence, which has proven to be effective against phishing[18].

 

About the Authors

Eric Oyemam Ato Brown is a data scientist and a policy analyst, currently pursuing a second Master’s degree in analytics and information management at Duquesne University. Eric holds a Master’s degree in public administration and a Bachelor’s degree in economics and sociology. He has stellar experience garnered from working as a youth development activist, and also from the Enterprise Wide Transformation programme and Global Network for Advanced Management (GNAM) of Massachusetts Institute of Technology and Yale University, respectively.

Alexander Ayertey Odonkor is a chartered financial analyst and a chartered economist with stellar expertise in the financial services industry of developing economies – With a Master’s degree in finance and a Bachelor’s degree in economics and finance, Alexander holds postgraduate certificates in entrepreneurship in emerging economies and electronic trading on financial markets from Harvard University and New York Institute of Finance, respectively. He has also completed the International Monetary Fund’s (IMF) programme on Financial Programming and Policies.

 

References

[1] United Nations Conference on Trade and Development (2019) ‘‘Digital Economy Report Value Creation and Capture: Implications for Developing Countries’’ Available at: https://www.un-ilibrary.org/democracy-and-governance/digital-economy-report-2019_c7dc937a-en (Accessed: 23 April, 2020).

 

[2] PricewaterhouseCoopers (2013) ‘‘Digitization for Economic Growth and Job Creation Regional and Industry Perspectives’’ Available at: https://www.strategyand.pwc.com/m1/en/reports/digitization-for-economic-growth-and-job-creation.pdf (Accessed: 23 April, 2020).

 

[3] World Bank Group (2019) ‘‘Digital Economy for Africa – Every African Individual Business and Government to be Digitally Enabled by 2030’’ Available at: http://pubdocs.worldbank.org/en/312571561424182864/062519-digital-economy-from-africa-initiative-Tim-Kelly.pdf (Accessed: 24 April, 2020).

 

[4]International Data Group Connect ‘‘Africa 2013: Cyber-Crime,Hacking and Malware’’ White paper. Available at: https://www.idgconnect.com/document/3544126d-55bf-4765-bee2-a348353990e4/africa-2013-cyber-crime-hacking-and-malware (Accessed: 24 April, 2020).

[5] Dahir A.L (2018) ‘‘Cybercrime is costing Africa’s businesses billions’’ Quartz Africa, 12 June [Online]. Available at: https://qz.com/africa/1303532/cybercrime-costs-businesses-in-kenya-south-africa-nigeria-billions/ (Accessed: 24 April, 2020).

[6] Signé, L & Signé, K (2018) ‘‘Global cybercrimes and weak cybersecurity threaten businesses in Africa’’ 30 May Brookings Institution [Online]. Available at: https://www.brookings.edu/blog/africa-in-focus/2018/05/30/global-cybercrimes-and-weak-cybersecurity-threaten-businesses-in-africa/

 

[7] GSMA (2019) ‘‘State of the Mobile Money Industry in Sub-Saharan Africa’’ Available at: https://www.gsma.com/mobilefordevelopment/wp-content/uploads/2019/07/GSMA-Sub-Saharan-Africa-SOTIR-presentation.pdf (Accessed: 24 April, 2020).

[8] African Development Bank (2019) ‘‘Africa’s Digital Economy poised to explode as regional integration opens new markets’’ Available at: https://www.afdb.org/fr/news-and-events/africas-digital-economy-poised-to-explode-as-regional-integration-opens-new-markets-19272 (Accessed: 24 April, 2020).

[9] Berrada, E.M (2020) ‘‘Cybercrime: West African banks are under-protected’’ The Africa Report, 31 January [Online]. Available at: https://www.theafricareport.com/22644/cybercrime-west-african-banks-are-under-protected/ (Accessed: 24 April, 2020).

 

[10] McKinsey & Company (2013) ‘‘Lions go digital: The Internet’s transformative potential in Africa’’https://www.mckinsey.com/~/media/McKinsey/Industries/Technology%20Media%20and%20Telecommunications/High%20Tech/Our%20Insights/Lions%20go%20digital%20The%20Internets%20transformative%20potential%20in%20Africa/MGI_Lions_go_digital_Full_report_Nov2013.ashx (Accessed: 25 April, 2020).

[11] Desvaux, G. & Poignonnec, S. (2019) ‘‘How e-commerce supports African business growth’’ McKinsey & Company. Available at: https://www.mckinsey.com/featured-insights/middle-east-and-africa/how-ecommerce-supports-african-business-growth (Accessed: 25 April, 2020).

 

[12] Munshi, N. (2019) ‘‘Jumia’s rise exposes challenges of online shopping in Africa’’ Financial Times, 5 May [Online]. Available at: https://www.ft.com/content/b98e9608-6a73-11e9-a9a5-351eeaef6d84 (Accessed: 25 April, 2020).

 

[13] Kazeem, Y. (2020) ‘‘Online spending in Africa shows just how much work e-commerce companies still have to do’’ Quartz Africa, 10 February [Online]. Available at: https://qz.com/africa/1797489/how-much-do-africans-spend-on-e-commerce/ (Accessed: 25 April, 2020).

 

[14] Allen, K. (2019) ‘‘Is Africa cybercrime-savvy?’’ Institute for Security Studies, 26 June [Online]. Available at: https://issafrica.org/iss-today/is-africa-cybercrime-savvy (Accessed: 25 April, 2020).

[15] South African Banking Risk Information Centre ‘‘SABRIC Annual Crime Stats 2018’’Available at: https://www.sabric.co.za/media-and-news/press-releases/sabric-annual-crime-stats-2018/ (Accessed: 25 April, 2020).

 

[16] PricewaterhouseCoopers (2016) ‘‘Economic Crime: A South African Pandemic No Sector or region is Immune’’ Available at: https://www.pwc.co.za/en/assets/pdf/south-african-crime-survey-2016.pdf (Accessed: 25 April, 2020).

 

[17] Information Technology Union ‘’Global Cybersecurity Index 2018’’ Available at: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2018-PDF-E.pdf (Accessed: 26 April, 2020).

[18] Gravrock, E. V (2019) ‘‘Here are the biggest cybercrime trends of 2019’’World Economic Forum, 4 March [Online]. Available at: https://www.weforum.org/agenda/2019/03/here-are-the-biggest-cybercrime-trends-of-2019/ (Accessed: 26 April, 2020).

Leave a Reply