Overcoming Complexity: How Africa’s Firms Are Approaching Unique Cyber Strategies In Our Unique Digital World

As organisations across Africa navigate economic volatility, socio-political complexity, and the rising cost of living, investment in cybersecurity has become an increasingly vital yet challenging endeavour. With a talent gap looming over the continent, organisations are struggling to safeguard their operations from growing cyber threats. And so based on insights from the recent Liquid C2 Report, today we would like to explore how the continents biggest brands and emerging enterprises are addressing these challenges. 

1. The Cybersecurity Talent Shortage: A Pressing Challenge 

A key issue across the continent is the severe shortage of qualified cybersecurity professionals. The Africa Center for Strategic Studies reports a growing gap of 100,000 certified cybersecurity professionals. However, the full magnitude of this gap is difficult to measure, as there is no consistent data on how much African governments invest in cybersecurity. This talent deficit poses a critical risk as organisations strive to protect their digital infrastructures with limited human resources. 

2. Cybersecurity Investments Amid Financial Constraints

While many African organisations are investing in cybersecurity, the current economic landscape makes these efforts increasingly difficult. Countries like South Africa, where financial pressures are high, are grappling with the challenge of maintaining cybersecurity investments in the face of shrinking budgets. The pressure is even greater as these organisations are expected to meet rising global security standards despite the lack of expertise and resources.

According to the Liquid C2 Report, when asked whether they had hired cybersecurity personnel or contracted a cybersecurity team in the past year, 68% of organisations responded affirmatively. Kenya led the way, with 82% of companies hiring cybersecurity staff, followed by South Africa (63%) and Zambia (62%). These numbers indicate that, despite the challenges, there is a growing recognition of the need to strengthen cybersecurity measures.

3. Budget Allocation to Cybersecurity

The report also revealed interesting trends in how IT budgets are being allocated to cybersecurity. In 2020, 25% of companies allocated more than 15% of their IT budgets to cybersecurity, a figure that rose to 30% in 2021 but dropped sharply to 18% in 2022. This decline is concerning, especially given the increasing severity of the cyber threat landscape. The report suggests that a minimum of 15% – and up to 20% – of IT budgets should be dedicated to cybersecurity to adequately manage the risks posed by evolving threats.

For most companies, the common range of IT budget allocation to cybersecurity falls between 11% and 15%. This investment level has remained relatively stable, growing slightly from 29% in 2020 to 33% in 2022. However, with the threat landscape becoming more complex, this allocation may not be sufficient to protect against significant cyber risks.

4. Cybersecurity Spending Per Employee

The average spend on cybersecurity per employee has also seen notable growth in specific regions. In South Africa, the average spend per employee rose to over R250 per month in 2022, marking a 31% increase from the previous year. Kenya also saw a measurable increase in sectors like banking, finance, communication, agriculture, and manufacturing, where companies are now spending an average of $50 or more per employee per month.

In contrast, Zambia displayed a more uncertain picture, with 48% of companies unable to specify their cybersecurity spending per employee. Only 14% reported spending between $15 and $50 per employee per month, reflecting a more cautious approach to cybersecurity investment, possibly due to limited resources or awareness of the growing threats. 

5. What Lies Ahead for Cybersecurity Investment in Africa

As the cyber threat landscape continues to evolve, African companies must prioritise investment in both technology and talent to protect their operations. The Liquid C2 Report emphasises the need for a significant portion of the IT budget—at least 15%—to be dedicated to cybersecurity, especially as the cost of a successful cyberattack could far outweigh the investment required to prevent it.

Countries like Kenya and South Africa are leading the way, but a more concerted effort is needed across the continent to address the growing cybersecurity talent shortage and ensure that organisations are resilient in the face of evolving threats. Despite tight economic conditions, the importance of sustained investment in cybersecurity cannot be overstated.

However, with all this in mind, the question still remains: Can and will governments, businesses, and educational institutions come together to close the cybersecurity talent gap and drive sustainable investment in this critical area? Time shall tell.