Cybercrime: West African banks are under-protected

In depth
This article is part of the dossier: Cyber surveillance: a new market, with old clients

By El Mehdi Berrada, in Casablanca
Posted on Friday, 31 January 2020 13:23, updated on Wednesday, 21 July 2021 12:07

The digital revolution will be one of the driving forces behind the continent's development - and it needs protecting. © Wikimedia Commons/Colin

According to analysts from the Morocco-based firm Dataprotect, sub-Saharan African banks are particularly vulnerable to cyberattacks (bank card fraud, phishing, intrusions, etc.), mainly due to a lack of qualified technicians and investment in cybersecurity.

This is part 4 of a 4-part series.

While cybercrime is estimated to cost Africa €3.5bn, compared to €528bn worldwide, this does not at all mean that Africa fares better in handling cybersecurity challenges than other continents. According to analysts from the Moroccan firm Dataprotect, founded by Ali El Azzouzi, the opposite is actually true.

They examined the cybersecurity environment of 148 banks from the eight UEMOA member states and three Central African countries, including Gabon, the Congo and the Democratic Republic of Congo. 21 banks directly or indirectly participated in the survey entitled ‘Banking Fraud in sub-Saharan Africa’.

More than 85% of these financial institutions reported that they have already fallen victim to at least one cyberattack resulting in losses, and some faced recurrent attacks. Thirty percent of these cyberattacks involved bank card fraud, while one-third involved phishing, i.e., emails sent with the intention of tricking people into divulging their personal information.

The third most common target of cyberattacks, accounting for 24% of all cases, is core banking, meaning viruses and intrusions affecting information systems. In addition, the banks are impacted by information leakage, identity theft, money transfer fraud and fake check scams.

Increasing, yet still insufficient, investment

“Clearly, African banks are dealing with professional criminals,” said Ali El Azzouzi’s teams, which estimate that for the area covered by the survey, only 6% of incidents are detected by cybersecurity staff at the financial institutions. Even when incidents are detected, they are not systematically disclosed by the institutions concerned, thereby making the financial impact of cyberattacks on the continent hard to assess.

The estimated losses of the banks reporting financial information concerning cyberattacks amount on average to €770,000 over the past few years. However, Dataprotect analysts suggest that each computer infected by malware costs companies €9,000 on average. “This amount can increase fast if the attack is not contained,” they said.

Eighty-five percent of the banks surveyed by Dataprotect said they invest at least €500,000 a year to address cybersecurity threats, while 50% reported investing between €100,000 and €500,000 a year. An Orange Cyberdefense report published in 2018, “African investment in cybersecurity,” forecasted that the African cybersecurity market would grow from €1.5bn in 2017 to more than €2.2bn in 2020.

A mainly outsourced segment

Although on the rise in recent years, cybersecurity investment remains very low given the losses sustained. According to Dataprotect’s report, “Cybersecurity investment must be proportional to the information risk incurred by the business. Companies in the financial sector are most at risk.”

From an operational perspective, 55% of financial institutions outsource their cybersecurity needs, arguing that doing so allows them to focus on their core business. Outsourcing also resolves the issue of finding and hiring qualified technicians, a problem faced by more than 85% of the banks surveyed.

The report underlined that “cybersecurity experts are often reluctant to work for a company in which they are professionally isolated and have no advancement opportunities in the field” and added that only 20% of the institutions surveyed are taking the matter seriously and addressing it from all angles.

While vigilance does not protect businesses completely, it does prevent the vast majority of intrusions. The Dataprotect report concludes that the remaining 80% of institutions “are operating blindly in a high-risk area and, once attacked, they will suffer the most losses.”

The Morocco-based information security firm currently operates in more than 35 countries and has over 500 clients, including 100 banks, in Africa, Europe, the Middle East and Asia. The company reported revenue of more than 110 million dirhams (€10m).

Understand Africa's tomorrow... today

We believe that Africa is poorly represented, and badly under-estimated. Beyond the vast opportunity manifest in African markets, we highlight people who make a difference; leaders turning the tide, youth driving change, and an indefatigable business community. That is what we believe will change the continent, and that is what we report on. With hard-hitting investigations, innovative analysis and deep dives into countries and sectors, The Africa Report delivers the insight you need.

View subscription options
Also in this in Depth:

Inside Africa’s increasingly lucrative surveillance market

Dozens of journalists, human rights activists and business leaders were tapped via Israeli software by Moroccan, Saudi, Togolese and Rwandan intelligence services. The revelations of the investigation by a consortium of 17 international media exploded on Sunday 18 July. The company NSO, which designed the Pegasus spyware and distributes it, denied the allegations that which it described as "false".

Surveillance: the ultra-secure phones of Africa’s presidents

Well aware of the surveillance capabilities of major companies in the sector, Africa’s heads of state try to make their phones as secure as Fort Knox. Every leader is geared up and takes extra precautions to prevent the ever-looming risk of being tapped. We take a look at the phones used by Africa’s presidents and politicians’ practices.

Cameroon: Israel looks after Paul Biya’s security with elite forces

From communication interception technology to physical security, Cameroon’s state security market is entirely in the hands of Israelis.