Some 75 percent of companies encountered challenges in recruiting and retaining qualified cyber professionals and only one in three had access to a sufficient talent pool.
This was according to the KPMG’s Africa Cyber Security Outlook 2022 Survey: Addressing Cybersecurity: Africa’s economic opportunity report, which was released yesterday and identified key areas of focus for Africa.
This included the integration of cyber security into core business strategy, more robust and risk focused regulation, proactive threat identification and defence and a focus on the cyber talent pool.
John Anyanwu, a partner and head of Cyber Security at KPMG Nigeria & Africa Cyber lead, said more than 50 percent of businesses that have recently fallen victim to cybercrime, still lacked confidence in the effectiveness of their cyber security incident response team’s action during a major cyber security incident.
Due to this, there was no doubt that a new focus on building cyber skills was critical with the need for highly specialised cyber security resources with skills for cyber leadership, and securing and testing systems to be prioritised.
Despite this however, some industries were well geared towards cyber skills, with the highest percentage of adequate skills being in the manufacturing (48 percent) and energy and resources sector (47 percent) sectors, followed by the fast moving consumer goods and ICT sector.
The financial services and public sector have been prime targets for cyberattacks and demonstrated an acute demand for cyber resources, largely due to the high level of regulatory oversight required.
While there was currently a shortage, there was no doubt that Africa was taking this seriously with 55 percent planning on recruiting cyber security resources in the next 12 months, with 58 percent planning to onboard at least 1-2 resources and 25 percent looking at 3-5 resources.
“We need to change the way we recruit in this sector by improving the recruitment process and requirements, looking at non-traditional degrees, offering competitive salaries and of course looking at external collaborations with educational institutions to build skills, develop in-house talent and outsourcing of skills to those in the know. Without this shift, we may be left behind,” Anyanwu said.
Leaders in organisations are making significant efforts to secure the processing of data across the expanding digital landscape, according to Marcelo Vieira, a partner and head of Cyber Security for KPMG South Africa.
He said yesterday that as organisations underwent digital transformation, it was crucial that they envision data protection and privacy as a key strategic component.
“We are starting to see a massive shift across the African continent,” Vieira said.
The report found that cyber strategy in Africa is more mature than ever before, with 75 percent of companies having strategies that are either regularly refreshed or have been built in alignment with the organisation’s threat profile with measurable KPIs.
Furthermore, 61 percent of companies had implemented a clear data protection/governance approach, with 80 percent reporting the establishment of robust frameworks and well-defined strategies to mitigate security and privacy risks.
Interestingly, the report also highlights that organisations in Africa with a global footprint had been able to achieve more clarity in strategic cyber security direction compared with those operating solely within Africa. Similarly, those that operated across multiple countries in Africa had established clearly defined frameworks and strategies compared to organisations with presence in only one country.
Vieira said that irrespective of organisational size, companies were working to ensure data privacy and protection to build trust and safeguard consumer privacy. Organisations that reported having a mature approach to cyber security strategy have been subject to half the number of cyber incidents reported across organisations that have not proactively dealt with cyber strategy.
“Organisations must build commensurate confidence in the overall cyber awareness and incident response function to drive digital trust and positively influence consumer perception. To ensure cyber readiness, organisations need to develop a strong security framework covering technical and human-focused defence/response strategy,” Vieira said.
“In fact, the stats speak for themselves where 46 percent of those that don’t have a standard approach to data protection, privacy and cyber security fell victim to cyberattacks, compared to 28 percent who have robust security in place.”
The survey, which unpacked the state of cyber security across the continent, highlighted that the cyber landscape in Africa was highly dynamic and rapidly evolving, propelled by widespread digitisation and matched by adequate investments in protecting assets and data from cyber threats. Some 74 percent of Africa’s large companies reported a relatively mature approach to privacy and cyber security.
BUSINESS REPORT