By Doros Hadjizenonos, Regional Director at Fortinet South Africa
As African banks continue to bring financial services to millions of the unbanked, an escalating crisis is building: a severe shortage of cybersecurity skills. Cyberattacks now rank among the leading concerns of African financial institutions, with 59% identifying cybercrime as a major threat, according to the 2024 African Financial Industry Barometer, published by the Africa Financial Industry Summit (AFIS) and Deloitte.
According to the Fortinet 2024 Cybersecurity Skills Gap Global Research Report, 70% of respondents believe that cybersecurity skills shortages create additional risks for their organisations. Another Fortinet report revealed that more than half of employees lack fundamental security awareness, compounding the issue.
Often, this lack of security awareness is due to limited personnel resources and budgetary constraints. The skills deficit is leaving banks vulnerable to a range of emerging cyberthreats, potentially even undermining efforts to bring financial services to the vast amount of Africans who remain unbanked. Despite this, organisations have an opportunity to solve the problem sooner than they think.
The ‘brain-drain’
One of the reasons behind the increased demand for IT professionals is the digitalisation of the banking sector. A 2024 study identified a widespread shortage of qualified technical personnel, such as data scientists, system engineers and programmers across South Africa, which has further heightened competition among banks to acquire these skilled employees.
Another underlying cause is the emigration of IT professionals who are lured by the promise of better opportunities abroad. This ‘brain-drain’ has been particularly felt in South Africa and Nigeria, where an exodus of IT skills has fuelled banks’ increased vulnerability to cyberattacks and made it even harder to hire the necessary personnel due to skyrocketing salary expectations.
The pressing need for financial inclusion
Financial service providers in Africa are under pressure to expand their services to the previously unbanked and, to do so, rapidly scale their digitalisation efforts. The continent is at the forefront of mobile money innovation globally, accounting for over 50% of mobile money services.
But mobile banking and digital payment platforms bring about their own risks. Growing their digital footprints helps banks reach new markets, but it also increases their exposure to cyberattacks. Every new digital channel adds another potential entry point for attackers, widening the threat landscape and increasing the complexity of managing security.
Without the right talent and tools in place, banks risk becoming more vulnerable just as they become more connected. Moreover, successful cyberattacks threaten the trust and adoption of digital financial services among previously unbanked customers, thereby hindering pressing financial inclusion efforts.
What can be done?
In response to these challenges, African banks need to focus on a three-pronged approach to cybersecurity that combines training, awareness and technology. Banks should enhance their training programmes by developing robust educational initiatives to facilitate and incentivise a steady pipeline of qualified IT professionals. This includes enabling IT and security staff to obtain globally recognised certifications. Simultaneously, banks should improve their retention strategies, offering competitive compensation packages and career development opportunities to hold onto their existing talent before the allure of opportunities abroad becomes too big.
In particular, it is essential that African banks pursue aggressive cybersecurity awareness training among their frontline staff – especially given the increased current vulnerabilities. Insufficient awareness among employees is cited as one of the leading causes of data breaches – 58% of IT decision-makers say the top cause of security breaches is staff with a lack of cybersecurity skills and training – underscoring the need for banks to address this knowledge gap with engaging cybersecurity training.
Partnering with local and international cybersecurity firms for expertise and support is part of bridging gaps quickly and sustainably. Having the right services and technology in place to strengthen security systems will help banks transition from a reactive to a proactive cybersecurity stance.
Embracing AI
While AI poses a risk to all cybersecurity systems as bad actors harness its capabilities, internal to organisations its adoption can also help in the fight against advanced threats.
With cybersecurity teams stretched thin, AI-powered security solutions offer much-needed support by delivering proactive threat detection and automated response capabilities. In a continent grappling with a critical shortage of skilled professionals, these tools can be even more valuable to financial institutions in preventing or containing the damage from sophisticated waves of cyberattacks across the globe.
The shortage of skilled IT professionals across Africa’s banking sector undeniably amplifies cybersecurity risks, but it’s not an insurmountable challenge. With a clear strategy that prioritises talent development, staff awareness and the support of trusted technology partners, financial institutions can both mitigate these risks and build a stronger, more resilient digital future for themselves and for the African people still waiting for financial inclusion.
