DON'T MISS : Talking Africa New Podcast – Nigeria's Toyin Sanni on investing without a safety net

Cybercrime: West African banks are under-protected

In depth
This article is part of the dossier: Cyber surveillance: a new market, with old clients

By El Mehdi Berrada, in Casablanca
Posted on Friday, 31 January 2020 13:23, updated on Tuesday, 11 February 2020 10:19

The digital revolution will be one of the driving forces behind the continent's development - and it needs protecting. © Wikimedia Commons/Colin

According to analysts from the Morocco-based firm Dataprotect, sub-Saharan African banks are particularly vulnerable to cyberattacks (bank card fraud, phishing, intrusions, etc.), mainly due to a lack of qualified technicians and investment in cybersecurity.

While cybercrime is estimated to cost Africa €3.5bn, compared to €528bn worldwide, this does not at all mean that Africa fares better in handling cybersecurity challenges than other continents. According to analysts from the Moroccan firm Dataprotect, founded by Ali El Azzouzi, the opposite is actually true.

They examined the cybersecurity environment of 148 banks from the eight UEMOA member states and three Central African countries, including Gabon, the Congo and the Democratic Republic of Congo. Twenty-one banks directly or indirectly participated in the survey entitled “Banking Fraud in sub-Saharan Africa.”

More than 85% of these financial institutions reported that they have already fallen victim to at least one cyberattack resulting in losses, and some faced recurrent attacks. Thirty percent of these cyberattacks involved bank card fraud, while one-third involved phishing, i.e., emails sent with the intention of tricking people into divulging their personal information.

The third most common target of cyberattacks, accounting for 24% of all cases, is core banking, meaning viruses and intrusions affecting information systems. In addition, the banks are impacted by information leakage, identity theft, money transfer fraud and fake check scams.

Increasing, yet still insufficient, investment

“Clearly, African banks are dealing with professional criminals,” said Ali El Azzouzi’s teams, which estimate that for the area covered by the survey, only 6% of incidents are detected by cybersecurity staff at the financial institutions. Even when incidents are detected, they are not systematically disclosed by the institutions concerned, thereby making the financial impact of cyberattacks on the continent hard to assess.

The estimated losses of the banks reporting financial information concerning cyberattacks amount on average to €770,000 over the past few years. However, Dataprotect analysts suggest that each computer infected by malware costs companies €9,000 on average. “This amount can increase fast if the attack is not contained,” they said.

Eighty-five percent of the banks surveyed by Dataprotect said they invest at least €500,000 a year to address cybersecurity threats, while 50% reported investing between €100,000 and €500,000 a year. An Orange Cyberdefense report published in 2018, “African investment in cybersecurity,” forecasted that the African cybersecurity market would grow from €1.5bn in 2017 to more than €2.2bn in 2020.

A mainly outsourced segment

Although on the rise in recent years, cybersecurity investment remains very low given the losses sustained. According to Dataprotect’s report, “Cybersecurity investment must be proportional to the information risk incurred by the business. Companies in the financial sector are most at risk.”

From an operational perspective, 55% of financial institutions outsource their cybersecurity needs, arguing that doing so allows them to focus on their core business. Outsourcing also resolves the issue of finding and hiring qualified technicians, a problem faced by more than 85% of the banks surveyed.

The report underlined that “cybersecurity experts are often reluctant to work for a company in which they are professionally isolated and have no advancement opportunities in the field” and added that only 20% of the institutions surveyed are taking the matter seriously and addressing it from all angles.

While vigilance does not protect businesses completely, it does prevent the vast majority of intrusions. The Dataprotect report concludes that the remaining 80% of institutions “are operating blindly in a high-risk area and, once attacked, they will suffer the most losses.”

The Morocco-based information security firm currently operates in more than 35 countries and has over 500 clients, including 100 banks, in Africa, Europe, the Middle East and Asia. The company reported revenue of more than 110 million dirhams (€10m).

Also in this in Depth:

Cameroon: Israel looks after Paul Biya’s security with elite forces

From communication interception technology to physical security, Cameroon’s state security market is entirely in the hands of Israelis.

Surveillance: the ultra-secure phones of Africa’s presidents

Well aware of the surveillance capabilities of major companies in the sector, Africa’s heads of state try to make their phones as secure as Fort Knox. Every leader is geared up and takes extra precautions to prevent the ever-looming risk of being tapped. We take a look at the phones used by Africa’s presidents and politicians’ practices.

Inside Africa’s increasingly lucrative surveillance market

Africa’s “cloak-and-dagger” market is growing. Heads of state, opposition members, businesspeople: no one is safe from hackers and taking protective measures against them is a tall order. We take an in-depth look at this highly profitable shadow war.

We value your privacy

The Africa Report uses cookies to provide you with a quality user experience, measure audience, and provide you with personalized advertising. By continuing on The Africa Report, you agree to the use of cookies under the terms of our privacy policy.
You can change your preferences at any time.