- Employees in small and medium-sized businesses across Africa are more likely to fall to phishing than the global average.
- KnowBe4 believes that this is because African businesses do not perceive cybersecurity awareness as a business essential, due to the many challenges African countries face.
- But their latest report shows that training can decrease the likelihood of falling to phishing significantly over time.
Africa is facing some of the most daunting challenges in the world, with limited resources, urgent humanitarian and developmental needs in many regions, energy crises, widespread poverty and some of the highest unemployment rates in the world.
Anna Collard, SVP of Content Strategy of KnowBe4, believes that these challenges may be why the continent is seeing a fresh wave of cybercrime crash across small and medium-sized businesses in the last few years.
Simply put, African companies have more to worry about than what Collard deems “non-business critical tasks” such as promoting a cybersecurity culture among employees.
Aside from being more diverse in culture, language and economic status than other continents, it is because of this lack of cybersecurity awareness that employees in Africa are more likely to click on a malicious link than employees in other continents (36.7 percent compared to the worldwide average of 34.3 percent.)
“This marks an increase from the previous year’s report,” said Collard.
KnowBe4, a worldwide cybersecurity awareness and training firm, analysed 54 million simulated phishing tests involving nearly 12 million users across 5 675 organisations in 19 different industries, establishing a baseline percentage of how prone employees were to fall to phishing.
Although this baseline percentage varied greatly across African sectors and countries, the findings in the 2024 edition of the Phishing by Industry Benchmark Report (PDF) still show the effectiveness of combining simulated phishing security tests with security awareness training.
Collard says that organisations in African countries that engaged in consistent training and testing experienced a significant decrease in their average phishing-prone baseline, down to 22 percent within the first 90 days, and a further reduction to 5.9 percent after a year of continuous training and testing.
“At least in theory, employees in African countries are more vulnerable to falling victim to cybercrime. This emphasises the need for organisations to focus on mitigating the human risk that exists when safeguarding against cyber threats,” she explained.
The improvement over the year, however, is evidence that transforming cybersecurity culture requires breaking existing habits to make way for more secure ones.
“As employees embrace new behaviours, they become engrained, evolving into standard practices that shape organisational culture and create a workforce that instinctively prioritises security,” Collard added.
For the future, Collard believes that cybersecurity challenges across Africa require a combination of regulation, guidelines and security awareness training, especially to begin addressing phishing and new issues like deepfakes.
“More public-private partnerships are essential to build capacity, address the skills shortage, and improve resilience in the digital world. Investing in Africa’s youth and providing cybersecurity training opportunities can fill the skills gap and also address youth unemployment.”
