GFCE Report: Advancing Cybersecurity with Africa

News Article | 16 May 2023

The Global Forum on Cyber Expertise partnered with the African Union (AU) to enable AU member states to better understand their current cyber capacities and to support the African nations in strengthening their cyber resilience.  

A study on cyber capacity in Africa was commissioned as part of the AU-GFCE collaboration, with a report on the study produced in August 2022. The study was carried out by KPMG Nigeria on behalf of the GFCE, which produced the following report: Advancing Cybersecurity with Africa. 

This report is aimed at presenting the current state of cyber capacities and gaps in Africa from the perspective of five African regions as well as developing an agenda with the needs and priorities for the different regions and the overall continent. The main findings of the study revealed that Northern Africa is “developing” in all domains, whilst Eastern Africa and Western Africa are each “developing” in two domains and Central Africa and Southern Africa are each “developing” in one domain. 

It is noteworthy that efforts have been made by African countries towards cyber capacity building. The level, however, differs by country and region. This variation can be explained by the differences in leadership commitment, cultural practices, knowledge and skills, resource availability, cooperation and intelligence sharing, among others, in relation to cybersecurity. The cyber security maturity gap in Africa, such as a lack of comprehensive national cybersecurity strategy, appropriate cybercrime laws and cybersecurity standards has created opportunities for threats to flourish in the continent with weak defence capabilities. 

The study identified 8 high priority cybersecurity challenges and areas for cyber capacity building opportunities for the African continent and per region to serve as an agenda for African stakeholders.  

Overview of High Priority Challenges of Africa:  

  1. Cybersecurity Culture and Education  
  2. Cybersecurity Strategy  
  3. Cybersecurity Coordination/Implementation Mechanism 
  4. Establishing Cybersecurity Legal Framework 
  5. Establishing a Cooperation and Intelligence Sharing Framework  
  6. Leadership Commitment and Executive Communication  
  7. Participation in Global Cybersecurity Activities & Cyber Diplomacy 
  8. Secure Procurement & Technology Self Sufficiency 


To address the above challenges, 8 general recommendations were offered as imperatives. 

 Overview General Recommendations:

  1. Commitment to Cybersecurity Culture & Education 
  2. Development and Implementation of Robust Cybersecurity Strategy 
  3. Strategic Coordination and Implementation of National Cybersecurity Programmes  
  4. Development of Robust Legal Framework for Cybersecurity 
  5. Implementation of Intelligence Sharing Framework 
  6. Prioritization of Cybersecurity in Leadership 
  7. Prioritization of Commitment to Global Cyber Activities and Cyber Diplomacy  
  8. Implementation of Secure Procurement Framework and Encouragement of Local Technology Development  


These imperatives were followed by the proposal of specific GFCE initiatives to further develop the implementation of these recommendations. These initiatives include the proposal to conduct national cyber risk assessments, where the GFCE can help CNII regulators identify CNII risk by facilitating a multi-stakeholder national cyber risk assessment exercise, or the proposal to develop a capacity building framework for country cyber representatives. More information on the recommended GFCE initiatives can be found in the report below. 

African stakeholders are becoming increasingly aware of the need for increased cyber capacities, as is evident in the continuous efforts towards improvement witnessed in most African states. However, the fast-evolving technological changes and the cyber threat landscape call for an acceleration in cyber capacity building efforts. To achieve success, African nations must prioritize cybersecurity and focus on addressing the root causes that sabotage sustainable growth in cyber capacity. Most importantly, African states must act now. 


Want to know more? Read the report here!