A talent shortfall threatens cybersecurity in Africa

In the labyrinth-like cyberspace, where threats and data breaches are at virtually every nook, cybersecurity specialists are the unsung modern day heroes. Cybercrime costs the world trillions of dollars annually; the stakes have never been higher.

Amidst the escalating menace is a glaring disparity. Africa, home to one of the world's fastest-growing internet populations, struggles with an insufficiency of cybersecurity workers.

Per the International Telecommunication Union (ITU), the continent is projected to account for over 25% of global internet users by 2025, growing 7.7% annually. This exponential rise is not met with a proportional increase in cybersecurity expertise.

The World Economic Forum (WEF) reports that over 60% of organizations in Africa cite a lack of skilled cybersecurity professionals as a significant obstacle to effectively addressing cyber threats.

During an afternoon panel discussion at the just-concluded Africa Cloud and Security Summit by CIO Africa held in Lagos, Nigeria, this hotly pressing drawback as concerns safeguarding a growing digital infrastructure from bad actors—the lack of adequately skilled personnel—took front and center. 

The Summit, which convened top tech executives, policymakers, cybersecurity professionals, and banking insiders, brought to light the increased urgency to look into the talent gap in readiness against cyber threats currently facing organizations and individuals in the region. 

The talk on the topic "Bridging the Cybersecurity Talent Gap" had industry leaders touch on the impact of the deficit on Africa's capacity to defend its tech bubble against cyberattacks. Rapid digitization, stemming from increased reliance on cloud solutions, means the demand for skilled cybersecurity experts is now higher than ever. 

Moderated by Rahmat Lasisi, Associate Manager at Verraki Africa, the panel, in a room also comprising CIOs, CISOs, and senior IT execs, having addressed some of the root causes of the problem—particularly the absence of cybersecurity education—proffered strategies: recruiting, training, and up-skilling next-gen industry hands. 

Iyanuoluluwa Dada-Akinteye, Director Director, IOA Integrations and Solutions, pointed to "channeling portions of oversized marketing dollars into getting people capable of detecting attacks before they crystallize. It is important to train people within your environment because employees ought to be the first line of defense." 

Christopher Odutola, Solutions Engineer at the West African outpost of British security software and hardware company Sophos, on his part, emphasized the need for tailored approaches to address the challenges faced by African countries in nurturing cybersecurity talent.

Recent years have seen a substantial increase in cybercrime across the world. Data from Positive Technologies say the total number of successful attacks has more than doubled over the past 5 years. Africa is no exception; in Q2 2023, it experienced the highest average of cyberattacks per week per organization—a 23% jump in comparison to Q2 2022. 

These cyberattacks take tolls on not just businesses but also government-affiliated institutions, many of whom have suffered the theft of sensitive data and funds. In 2022, the region's lackluster preparedness for the cyberthreat pandemic cost its countries no less than 10% of their GDP, according to the Economic Commission for Africa (ECA). 

An assessment conducted by the African Union Commission (AUC) and the United Nations Development Program (UNDP) found that African nations had an average cybersecurity competence of 0.21 out of 1. The survey also revealed that less than 40% of them have a computer emergency response team (CERT). 

However, the problem is not peculiar to the continent. Globally, four million workers are needed in the cybersecurity industry. Come 2030, the shortage could swell to 85 million. 

On the sidelines of the event, Bendada.com caught up with Odutola, who has 18 years of experience in the technology sector, to ascertain priorities when it comes to bridging the talent gap in an industry that is already exposed to fraud attacks. His response began with citing a major problem: the skilled leaving for greener pastures. 

"When the competent ones go, those left take time to acclimatize to the system. As such, we need to train a lot more people to fill the gap. Organizations need to invest in the pipeline and give room for hands-on learning. An alternative is outsourcing to OEMs that have pools of technical capabilities," he said. 

Is this the kind of situation where artificial intelligence can also come in? "Yes," Odutola asserted. "Some security tasks outsourced to third parties are handled by AI. The technology makes it easier by helping with processing huge amounts of data that could lead to personnel fatigue".