Cyberattacks on businesses across South Africa, Kenya and Zambia increased significantly during 2022, despite more cybersecurity measures being implemented, a new report by pan-African technology group Liquid Intelligent Technologies business Liquid C2 has found.

The number of cyberattacks on businesses across the three countries increased by an average of 76%, with Kenyan businesses reporting an 82% increase in such attacks, South African businesses recording a 62% increase and Zambian businesses experiencing a 62% increase, according to the ‘Evolving cybersecurity landscape in Africa 2022’ report.

“The biggest concern emerging from this report is that companies are saying that they have put a lot more cybersecurity controls in place. “With threats evolving faster than security systems, companies cannot afford to get complacent,” says Liquid C2 CEO David Behr.

The report, featuring research, analysis and findings across the three countries on the evolving cybersecurity threats, highlighted that businesses need to remain consistently vigilant about the ever-evolving cybercrime landscape and the methods malicious actors use to breach cybersecurity measures.

By understanding the threat landscape and how these threats keep evolving in each region, it is vital for businesses to adapt their security postures while aligning with budgets and spending, the report noted.

“We believe Africa is rapidly evolving and we have got an opportunity to leapfrog certain parts of the world from a cybersecurity posture and what we do regarding cybersecurity,” says Liquid C2 COO Winston Ritson, noting that, for any business operating in the digital space, it is far better to actively invest in cybersecurity than to recover from a breach.

According to the report, all respondents had significantly advanced their cloud and digital strategies and cybersecurity capabilities, while 68% said that they had appointed cybersecurity staff members or signed up with a cybersecurity team in the past year. Kenya had the highest percentage at 82%, followed by South Africa at 63% and Zambia at 62%.

However, Behr points out that, according to the research, over half of all large enterprises in the three countries were victims of a successful cyberattack, with 90% of them being Kenyan businesses.

“Increasingly sophisticated methods like cybercrime-as-a-service are becoming more popular in Africa, meaning businesses can no longer rely on outdated technologies and processes.

“It is time they invested in a partner that provides 24/7/365 protection, rapid response, threat intelligence and prevention, compliance and improved business reputation, all designed to cater to the specific needs of businesses,” he adds.

The most common method of attack, at 61%, used by cybercriminals was through email, using phishing or spam attacks, with attacks through compromised passwords following at 48% and data breaches and attacks at 44%.

About 61% of the companies responding to the research said that the breaches to their operations occurred as a result of remote or hybrid working.

Further exacerbating the challenge is Africa’s growing 100 000-person gap in the number of certified cybersecurity professionals.

Ritson points out that, in addition to very few Africa-based investigation reports or cybersecurity insight, there are few cybersecurity specialists or the skills necessary to properly engage with information technology and identify and quantify the threats clearly.

The ‘Evolving cybersecurity landscape in Africa 2022’ report estimated that there are only 7 000 certified cybersecurity professionals, or one for every 177 000 people on the continent.

“However, this number may disguise the true magnitude of the problem as there is no readily available data on the level of investment made by African governments into cybersecurity,” Behr adds.

The report underlines the increasing need for companies to invest in cybersecurity measures to avoid reputational damage, financial loss and potential business interruptions.

Additionally, it reinforces how vital it is for organisations to collaborate with trusted third-party managed security service providers to implement and refine their cybersecurity strategies.

“What we also want to see is decision- makers undertake risk mitigation strategies, invest in cybersecurity and engage very closely with government around the policies to ensure that the government and relevant regulatory umbrella protects the business, their investments and, in turn, their customers,” Ritson concludes.