Organisations across sub-Saharan Africa are losing millions of dollars each year to cyberextortion, such as ransomware and other cyberattacks.

A new report by security awareness training platform KnowBe4 and the Industrial Development Corporation (IDC), ‘The Impact of Cyberextortion on Africa’, reveals that, unless local organisations drastically improve their cybersecurity strategies and security cultures, the losses will grow over time.

Data leaks, insider threats, malicious emails and targeted attacks continue to seriously impact on business security in the region, says KnowBe4 Africa content strategy senior VP and evangelist Anna Collard.

According to the report, data leakage (61%); insider threats (43%); targeted attacks using phishing (37%); cloud-related attacks (34%); and ransomware attacks (30%) are among the top threats facing organisations in sub-Saharan Africa.

Globally, the top threats include business email compromise, cloud misconfigurations, software supply chain attacks and noncompliance, while phishing or social engineering attacks remain the second most common type of cybercrime and are evolving in terms of technique and success rates.

“The volume of threats facing organisations in Africa has grown exponentially over the past few years and there is a clearly visible linear relationship between the continent’s gross domestic product and cybercrime – as one increases, so does the other.”

Increasing investments in cloud, the Internet of Things (IoT), connectivity and digital solutions are increasing the risks, alongside the digital benefits, with the report indicating that nearly 60% of sub-Saharan African organisations plan to raise connectivity and IoT use cases over the next 12 months.

However, only about a third, or 17, of Africa’s 54 countries have completed a national cybersecurity strategy, which opens up the threat landscape considerably and places organisations at greater risk.

The report shows that 43% of organisations in sub-Saharan Africa are focusing on security for cloud migration, 40% on strengthening secured access for a distributed workforce and 36% on strengthening customer trust in digital services.