You are currently viewing Cybersecurity in Sub-Saharan Africa: experts discuss ransomware and the path to strengthening policies and skills

Cybersecurity in Sub-Saharan Africa: experts discuss ransomware and the path to strengthening policies and skills

As part of the Digital Transformation with Africa side event during the Africa Tech Festival in Cape Town, a high-level panel explored the critical issue of cybersecurity in Sub-Saharan Africa. Titled “Cybersecurity in Sub-Saharan Africa: Addressing Ransomware through Policy and Skill Development,” the discussion centered on how the region can better tackle the growing threat of cyberattacks, with a focus on ransomware, while strengthening its policy frameworks and technical skills. This panel formed part of the broader event theme, “Accelerating Digital Transformation in Africa through US-Africa Partnerships.”

The panel brought together experts from industry, government, and the private sector, including Charmaine Houvet, Senior Director of Government Affairs for Africa at Cisco Systems; Selene Giupponi, Managing Director for Europe at Resecurity Inc.; Evalyn Oloo, CEO of AcyberSchool and Senior Trade Technical Advisor at USAID; and Jabu Sibanyoni, Head of Solutions Architecture at Amazon Web Services, with moderation by Lisa Coppe, Senior Manager for Sub-Saharan Africa at the U.S. Trade and Development Agency.

Key cybersecurity challenges: Ransomware, Phishing, and Malware

The discussion opened with a focus on the rising cyber risks faced by African organizations, with ransomware identified as a major threat to both public and private sectors. Panelists noted the growing number of attacks targeting African businesses and governments, but also stressed that ransomware, while dangerous, is largely preventable with effective cybersecurity policies and proactive security practices.

Charmaine Houvet emphasized the importance of collaboration between the private and public sectors to strengthen Africa’s cybersecurity resilience. “The private sector has crucial skills and resources that can help governments build stronger cybersecurity frameworks. It’s vital that we collaborate to create solutions that are scalable across the continent,” she said.

The speakers highlighted the ongoing challenge of human error, especially through phishing attacks, which continue to be one of the biggest vulnerabilities for organizations. “While malware and ransomware evolve, the real weak point remains people—the individuals who fall victim to phishing scams or social engineering tactics,”they explained.

Building Capacity and reforming Policies

The panelists agreed that building technical capacity in Africa’s cybersecurity workforce is a critical step toward addressing these threats. Evalyn Oloo underscored the importance of developing both awareness and technical skills to safeguard organizational assets and protect individuals from cyberattacks. “Cybersecurity cannot function in isolation. It’s imperative that governments, businesses, and educational institutions work together to build a skilled workforce capable of tackling emerging threats,” she said.

The experts also stressed the need for stronger enforcement of cybersecurity policies, and emphasized that public and private sector collaboration is essential for more effective policy implementation. “There is a gap in the enforcement of cybersecurity regulations in many African countries,” said Selene Giupponi. “Policymakers must take a proactive approach to ensure that regulations are robust and that the necessary tools are in place for governments to manage and mitigate cyber risks.”

Enhancing technology and regulatory frameworks

The panel also delved into the technological needs of the region, with a particular focus on integrating security by design into digital infrastructure. Evalyn Oloo highlighted the need for Africa to adopt secure technologies powered by Artificial Intelligence (AI), particularly in critical sectors like healthcare and infrastructure. “AI can be a powerful tool in securing vital systems, but it must be incorporated from the start of the design process to be effective,” she said.

The panelists also discussed the importance of securing the digital supply chain and ensuring better privacy standards through industry-academia partnerships. “Universities and research institutions are critical partners in cybersecurity education and awareness,” said Lisa Coppe. “These partnerships can help create the next generation of cybersecurity professionals, who will be crucial in tackling the growing challenges the continent faces.”

Strengthening collaboration and Data Protection

Collaboration among governments, regulators, and the private sector was a central theme throughout the panel. Panelists agreed that governments must take a more active role in safeguarding their data and ensuring that citizens’ privacy is protected. Charmaine Houvet pointed out that governments should not only focus on policy but also take control of their digital infrastructures. “Governments must ensure their data is encrypted, and cloud technology should be used to support secure digital transformation,” she said.

Panelists also called for more comprehensive regulatory frameworks, with better tools and greater awareness to equip both public and private organizations to address evolving cyber threats. “Cybersecurity is not a one-time effort—it’s an ongoing process,” said Jabu Sibanyoni. “Governments and organizations must prioritize keeping networks updated, particularly those with legacy systems, to minimize vulnerabilities.”

The session concluded with a strong emphasis on the need for ongoing investment in Africa’s cybersecurity capabilities. Panelists agreed that collaboration—across governments, the private sector, and academia—is essential for creating a safer and more resilient digital environment.

With ransomware attacks on the rise and cyber threats evolving, panelists stressed the importance of proactive strategies to mitigate these risks. “It’s crucial that we take a holistic approach to cybersecurity in Africa, one that includes developing the right policies, building technical capacity, and ensuring that the necessary technologies are in place to protect organizations and individuals,” the speakers agreed.