KnowBe4 (www.knowbe4.com), the provider of the world’s largest security awareness training and simulated phishing platform, has just released its highly anticipated 2024 Security Culture Report (https://apo-opa.co/3Wr5p7a) for Africa, providing a detailed analysis of the intricate relationship between security practices and employee behaviours within organisations. Drawing insights from surveys conducted across thousands of organisations worldwide, the full report (https://apo-opa.co/3Wx9hng) offers a comprehensive five-year comparative view, highlighting significant trends shaping the cybersecurity landscape.
“In its section on Africa, the report reveals that organisations evaluated across 20 African countries exhibit an average security culture score of 72, consistent with the previous year,” says Anna Collard, SVP of Content Strategy & Evangelist for KnowBe4 Africa. “This shows a moderate level of readiness in security culture.”
There are noteworthy variations among sectors and countries, emphasising the necessity for targeted interventions to enhance cybersecurity resilience. “The banking sector in Kenya is a standout performer, boasting an impressive average score of 83, attributed to its steadfast commitment to maintaining mature security cultures supported by robust security operations,” explains Collard. “However, industries such as public services, construction, education, and hospitality show lower security culture scores. This shows the importance of developing specific approaches to enhance cybersecurity awareness and practices in these sectors.”
Africa, with its diverse cultural fabric and youthful population projected to dominate the global workforce by 2100, faces escalating cyber risks amidst rapid technological advancements. Challenges, including limited resources, inadequate cyber awareness, and economic constraints, marked the continent’s cybersecurity landscape in 2023. “This shows the need to strengthen cybersecurity readiness given the critical development requirements.”
Kenya (76), Nigeria (75), and Ghana (74) lead the charge in cybersecurity readiness, showcasing robust strategies backed by local governments. Ghana’s significant progress in cybersecurity, evidenced by its climb in the Global Cybersecurity Index, reflects the region’s commitment to cybersecurity excellence.
“With a security culture score of 72, it’s important to address the findings from a separate survey (https://apo-opa.co/44upwDi) on generative AI (GenAI) adoption by organisations in South Africa,” adds Collard. “That survey identified regulatory gaps and a lack of training in countering AI-generated misinformation, highlighting the need for regulations, training programmes, and partnerships to tackle cyber threats such as deepfakes, especially during the upcoming crucial governmental elections.”
The South African Council for Scientific and Industrial Research (CSIR) expects an increase in cyber attacks targeting important infrastructure and government bodies in the coming weeks until South Africans go to the polls. “This highlights the urgent need for stronger cybersecurity measures to protect both public and private sectors, communities, and national economies,” says Collard. “As organisations adapt to the changing cybersecurity environment, promoting a culture of awareness, education, and proactive risk management will be vital in enhancing cyber resilience throughout Africa.”
The security culture score is a global measure used to evaluate organisations based on their approach to security, explains Javvad Malik, Lead Security Awareness Advocate at KnowBe4. “This score reflects how much importance different entities worldwide place on cybersecurity within their organisational culture. In today’s interconnected world, where a mobile device in a remote area can access sensitive accounts, working in isolation on security is no longer effective,” adds Malik. “Collaboration between governments and regulators is essential not just for creating laws but also for demonstrating practical ways to strengthen security culture. Organisations need to prioritise the human element of cybersecurity by focusing on continuous awareness and training efforts rather than relying solely on technological solutions,” Malik concludes.
For the full security culture report covering Africa, click here (https://apo-opa.co/3Wr5p7a). For the comprehensive report covering Africa and five other global regions (North America, South America, Europe, Asia, and Oceania), click here (https://apo-opa.co/3Wx9hng).
