Cybercrime and Cybersecurity Trends in Africa

A new study by Symantec and the African Union provides a detailed analysis of the latest trends on cybercrime and cybersecurity on the African Continent. The report reveals both the economic potential of cyber in Africa with an estimated market value of 75 million USD in 2025 and the extent of cyber threats, especially with regards to mobile malware and money transfers. The report is based on a survey among African nations and a regional threat analysis. The study was conducted with support from the United States Department of States and has been adopted as initiative within the GFCE community. The study will be presented during the African Union Assembly and made available via the GFCE website.

Written by: Ms. Cheri McGuire, Vice President of Global Government Affairs and Cybersecurity Policy at Symantec

Why cybercrime matters to Africa

Africa is a continent on the rise. It is growing quickly in terms of population, the economy, and global influence. Today, Africa is home to 1.21 billion people (up from just 800 million in 2000), with a median age of just 19.5 years, the youngest population in the world. With this prominence of youth comes a diverse population that is looking for productive employment, social engagement, free expression, and increased global connectivity. While the downturn in world commodity prices has hit African economies hard, nearly every African nation is poised to grow over the coming years. Some will continue on a trajectory putting them among the fastest growing economies in the world. Technology adoption continues to rise as well, with mobile device ownership growing exponentially, social media use increasing, and the Internet of Things (IoT) quickly becoming a reality. Even the most conservative metrics show that Africa is poised to make great gains and help fuel global growth into the future. Along with this rapid economic growth, comes a burgeoning e-commerce industry that is poised to expand to an estimated $75 billion USD by the year 2025. 

With this growing prosperity and digitization however new risks and vulnerabilities arise that could undermine progress. Chief among these risks is the global rise of cybercrime. As the African Continent’s economy moves online, citizens, their computer systems, and the Continent’s information technology (IT) infrastructure become enticing targets for an increasingly professional cadre of cybercriminals. The growth of cybercrime is by no means just an African problem. In fact, in 2013, the total global direct cost of cybercrime reached an estimated $113 billion USD. In South Africa alone, 73% of adults reported experiencing cybercrime, which is estimated to have cost the South African economy 337 million USD. Compounding the problem is the fact that many Africans are still using outdated, or in many cases pirated, software. Nearly one quarter of users in Africa are currently using the operating system Windows XP that was first released in 2001, and for which software patches were discontinued in 2014.

“More than one out of every seven mobile devices in Nigeria is currently infected with mobile malware”

Understanding the Threat Landscape

In order for Africa to realize its full potential, policymakers will need to implement effective policies and awareness initiatives to stem the rising tide of cyber threats. Unfortunately, these same policymakers, technicians, and other experts have long noted the lack of detailed and reliable threat information regarding cybercrime threats in the region. Such information is invaluable in assessing and managing cyber risks by providing governments a more complete and nuanced understanding of how criminals and other actors are targeting and exploiting cyber-related vulnerabilities.

To help address this information gap, the African Union (AU) and Symantec Corporation, through the Global Forum for Cyber Expertise (GFCE) and with the support of the U.S. Department of State, are engaged in a public-private partnership to develop a report that collects and presents detailed policy and technical data on the state of cybersecurity in Africa. The research includes surveys sent to every African nation on current cyber capabilities and trends, as well as regional cybersecurity threat data from Symantec’s Global Intelligence Network. Governments and other interested parties can utilize this information to identify gaps and to strengthen protection, prevention and response mechanisms to confront the diverse range of cyber threats. This report also will be an excellent opportunity for AU Member States to illustrate the significant advances and accomplishments in the areas of cybersecurity and combating cybercrime. Moreover, the results of the research will serve to guide future capacity building efforts for AU Members. 

The Threat of Mobile Malware

Initial findings indicate that due to the borderless nature of cybercrime, many of the trends we see globally also are affecting Africa, including the explosion of ransomware and social media scams, and the proliferation of new malware and website vulnerabilities. However, because of how the IT infrastructure evolved in Africa, several of these cybercrime trends will become especially acute and pose a significant danger. Mobile malware, for instance, is a huge problem in Africa today and will continue to be a major threat into the future. Globally, the number of new vulnerabilities identified in mobile software grew a staggering 214% in 2014. Over the past decade, Mobile phone networks have transformed communications in Africa. Most importantly, mobile phones have allowed African communications networks to leapfrog the entire landline generation of development and go directly to the digital age. Globally, smartphones are an increasingly attractive target for cybercriminals who are investing in more sophisticated attacks that are effective at stealing personal data or extorting money from victims. The steady rise of mobile malware that mainly targets Android systems is also of concern given 89% of the smartphone market share in Africa runs on that platform.  For example, according to Symantec data, more than one out of every seven mobile devices in Nigeria is currently infected with mobile malware. Africa also leads the world in money transfers using mobile phones, with 14% of all Africans receiving money through mobile transfers. And with some of the world’s largest mobile money transfer services, such as Kenya’s Mpesa, cybercriminals will continue to heavily target mobile devices in Africa. 

With a young population that is rapidly adopting new technologies, Africa is on the verge of an Internet boom. These advances also bring with them new risks. To keep pace, initiatives by African Nations should seek to combat cybercrime and improve their overall cybersecurity posture. It will take a concerted effort from international governments, industry, and civil society to reduce cybercrime and improve cyber protection and resilience so that Africa can reach its full potential in the global economy.