What are the cybersecurity challenges for the African Financial Sector?

What are the cybersecurity challenges for the African Financial Sector?

by Jean-Louis Perrier.

More than often, cybercrime reports prepared by private or public actors bypass Africa. This lack of information and consolidation is crippling data-based decision-making regarding the necessary human, financial and collaboration investments urgently needed to overcome the cybersecurity gap of the continent.

The African Financial sector is strongly exposed to cyber threats but more and more aware of the risk situation

Some recent analysis confirmed that while the continent’s financial sector is, unfortunately but quite logically, targeted by global threats and international criminal organisations, larger financial institutions and policymakers have recently become more and more aware of the risk situation. We have extracted three of them.

Some frightening, but partial, figures

The “Timeline of Cyber Incidents Involving Financial Institutions” from Carnegie Endowment for International Peace think tank is an interesting compilation of significant and public breaches, although partial, as many institutions on the continent do not disclose cybersecurity breaches. Nevertheless, a deep dive for Africa reveals that at least 8 large-scale attacks have been recorded in the last years, with costs reaching tens of millions of US dollars. Although a number of these attempts finally failed, it demonstrates the attractiveness and Return On Investments for criminal organisations are real:

The point of view of financial regulators

The second study is entitled “The Global Covid 19 FinTech Regulatory Rapid Assessment Study” has been published end of 2020 by the World Bank Group and the Cambridge Centre for Alternative Finance from the University of Cambridge. The researchers analysed answers from 118 financial regulatory authorities in 114 jurisdictions between June and August 2020, with 66% of respondents from emerging market and developing economies, in particular Sub Saharan Africa. Interestingly, and this goes beyond Covid, 73% of respondents in emerging market and developing economies highlighted cybersecurity among their top 3 increasing risks versus 90% in advanced economies. There is a quite recent understanding of the potentially huge consequences of cyber threats, as an Asia Pacific regulator stated: “On systemic risk, a targeted cyber-attack…or some other forms of external threat on a major FinTech company has the potential to disable large parts of the economy without notice.”

The point of view of financial institutions

Lastly, EY published “11th annual EY/IIF global bank risk management survey” stating that cybersecurity is the second risk garnering Chief Risk Officer and board attention over the next 12 months for 80% of Chief Risk Officers, after credit risk, which is business as usual for the financial sector. Cyber risks have now become business as usual for the sector.

Still, losses for the African Financial sector are not accounted for consistently and systematically, cybersecurity awareness is very heterogeneous, new solutions and mechanisms are called up urgently

  • African financial sector is clearly not immune to cyber threats and already suffers large losses, but there are no instruments to appropriately gather, analyse, consolidate and disseminate figures at a regional scale; small or medium institutions’ breaches and losses are simply not reported;
  • The continent’s supervisors and regulators awareness is rising, as they are generally quite well informed of the local situation even if the regulation may be incomplete or in progress, in particular
  • for microfinance and fintech, and lacks regional coordination to face borderless threats;
  • While most larger financial institutions understand well the challenges, they may miss the skills and sectoral threat intelligence collaboration framework to implement efficient action plans;
  • Several thousands small or medium-sized financial institutions, Fintechs or financial inclusion actors still have a long way to go, starting from more comprehensive sectoral data on threats to feed board’s awareness.

Did you like this article addressing the cybersecurity challenges for the African Financial sector?

Find out more right here!