As is often said, Africa is not a country – and according to KnowBe4’s annual What Keeps You up at Night Report, what concerns one of the economic powerhouses is not necessarily a priority for the others and it’s an eye-opener around Africa’s diverse security challenges.
“It’s a known fact that African countries and organisations are being targeted more actively by cybercriminals, to the level that it’s one of the fastest-growing regions in terms of cybercrime,” says Anna Collard, SVP of Content Strategy at KnowBe4 Africa.
“But when you get down to the specifics, the differences between the survey’s continental averages and its three biggest Sub-Saharan economies are quite striking.”
Here’s a snapshot look at cyber threats, compliance security, security initiatives, users, resources, and executive issues in Kenya, Nigeria and South Africa.
In general, Kenya is split on the priorities of security threats such as phishing and ransomware. On average, at least half of organisations don’t regard these and other threats as more than somewhat concerning – considerably lower than the continental totals. But that also means that the other half of the organisations rank such threats as very concerning, with 31% saying they are kept awake at night by the possibility of business email compromise.
Kenya’s concerns over security initiatives mirror the continent’s worries – 46% are kept awake at night about security awareness training and supply chain security, respectively. In contrast, the country is not as concerned about different user security issues – African averages lean more towards extreme concerns, yet Kenya’s focus tends to split between somewhat and very concerned.
Nigeria is the clear outlier in security matters, taking some very different views on what to be concerned about. On the one hand, no country is more worried about ransomware: 59% of Nigerian companies say this keeps them up at night, though 40% are only somewhat concerned. Malware attracts a similar split. Yet 74% of Nigerian companies are only somewhat concerned about data breaches.
They are not worried much about security initiatives. Only multi-factor authentication truly keeps them awake at night (74%), with the next massive concern, identity management, sits at 27%. Here’s the kicker: 89% of organisations there are not at all concerned about security awareness training. When user risks do surface, two types of users solicit similar levels of security concerns – remote workers (67%) and negligent workers (41%). 87% of Nigerian companies are somewhat concerned about malicious insiders, and 69% about password sharing.
Attitudes in South Africa align closely with the continent’s averages, though there are some differences. While other countries tend to worry most about ransomware, South African organisations rank phishing as extremely (46%) and very (35%) concerning. Malware and business email compromise reflect similar levels of worry – and though ransomware is lower than these categories, at 50%, it’s the threat keeping most businesses awake at night.
South African views around security initiatives almost mirror those of Kenya: 46% are extremely concerned about security awareness training and supply chain security. 38% are also being kept awake by privileged access management, incident response, securing the cloud, and multi-factor authentication. Remote workers keep 57% of South African companies up at night, while negligent insiders (44%) and users sharing passwords (41%) are not far behind.