Africa faces rising cyber threats

by AKANI CHAUKE
JOHANNESBURG – AFRICAN organisations are facing an unprecedented surge in cyber threats, with businesses experiencing an average of 3,153 cyberattacks per week—significantly higher than the global average.

As the continent accelerates its digital transformation, particularly in financial technology, the stakes have never been higher.

From national institutions to major enterprises, attacks on entities such as South African Airways, Kenya Urban Roads Authority, Telecom Namibia and the Bank of Uganda highlight the scale and sophistication of the threat landscape.

At the same time, Africa’s fintech ecosystem continues to expand rapidly, driven by mobile money adoption and financial inclusion.

Yet this growth brings increased exposure. According to Mandla Mbonambi, Chief Executive Officer (CEO) of Africonology, security must be embedded from inception.

“Fintechs that treat security as a late quality assurance step tend to face higher breach risks, delayed launches and failed audits,” he explains.

“Security-by-design models are a far better approach… embedded in digital transformation rather than as bolt-on added extras.”

Across Africa, fintech developers must assume that every design decision carries regulatory and security implications.

From data flows and application programming interfaces (APIs) to identity systems and user interfaces, early threat modelling is essential to identify risks such as fraud, account takeovers and data breaches before development begins.

This approach extends to secure coding practices, including encryption, strong key management, identity and access management (IAM), and multi-factor authentication.

Increasingly, compliance is also being automated through frameworks such as Payment Card Industry Data Security Standard (PCI DSS), System and Organisation Controls 2 (SOC 2), International Organization for Standardization 27001 (ISO 27001), Protection of Personal Information Act (POPIA), General Data Protection Regulation (GDPR), and Digital Operational Resilience Act (DORA).

“DevSecOps isn’t a new concept, but it is now crucial,” Mbonambi adds. “You’re moving security to the heart of development.”

With 46 African countries now enforcing data protection laws, compliance is continuous.

Africa has led global innovation in mobile finance; now it must lead in cybersecurity resilience as well.

– CAJ News