West African banks are battling cyberattacks

According to analysts from the Moroccan company Dataprotect, sub-Saharan banks are particularly vulnerable to cyberattacks (credit card fraud, phishing, intrusions), mainly due to a lack of investment in cybersecurity and lack of qualified staff.

While the cost of cybercrime is estimated at $3.8 billion (€3.5 billion) in Africa – compared to $585 billion (€528 billion) globally – this does not mean that Africa is any more resistant than other continents to the challenge of cybersecurity. On the contrary, according to analysts from the Moroccan company Dataprotect, founded by Ali El Azzouzi, who looked at the situation of 148 banks from the eight-member countries of the West African Economic and Monetary Union (Uemoa) and three Central African countries (Gabon, Congo, and DRC). Twenty-one banks participated, directly or indirectly, in this survey, entitled “Banking Fraud in Sub-Saharan Africa”.

More than 85% of these financial institutions reported that they have already been victims of one or more cyber attacks resulting in damage, sometimes repeatedly. These include bank card fraud (in 30% of cases) and phishing – a method of tricking people into revealing their personal information, which also accounts for one-third of cyberattacks.

This is followed in 24% of cases by attacks on core banking: viruses and intrusions into information systems. Finally, banks are affected by information leaks, identity theft, money transfer fraud, and counterfeit cheque withdrawals.

Discover award-winning journalism and live world news with the Born2Invest mobile app. Get breaking stories, in-depth reporting from Africa. Explore economic news, business strategies, and many other trending news for you to keep informed.

Investments on the rise, but insufficient

“Clearly, African banks are dealing with professional criminals,” explained Ali El Azzouzi, who estimated that only 6% of incidents are discovered by the cybersecurity staff of financial institutions in the study area. And when they are, they are not always revealed by the institutions concerned, making the financial impact of cyber attacks difficult to assess on the continent.

The banks that communicated on the issue estimated their losses at an average of $853,687 (€770,000) over the last few years. But Dataprotect analysts pointed to an average cost of $9,978 (€9,000) for each computer infected by malware. “This amount can quickly escalate if the attack is not contained,” they added.

To address the threat, 85% of banks surveyed by Dataprotect said they invest less than $554,382 (€500,000) per year in cybersecurity, while 50% said they invest between $110,868 (€100,000) and $554,382 (€500,000) per year. For its part, in its report “Africa’s investment in cybersecurity” Orange Cyberdefense predicted in 2018 that the African market would grow from $1,6 (€1,5) billion in 2017 to more than $2,43 (€2.2) billion in 2020.

A mainly subcontracted activity

Although, in recent years, this investment remained very modest compared to the losses incurred. The Dataprotect report warned that “In terms of cybersecurity, investments must be proportional to the information risk incurred by the company. It is in the financial sector that the risk is greatest.”

From an operational point of view, 55% of financial institutions use outsourcing for their cybersecurity activities, believing that this allows them to remain focused on their core business. They also do so because of the difficulty in recruiting qualified staff, an issue raised by more than 85% of the banks surveyed. “A cyber-security specialist is often reluctant to work in a company where he or she will be professionally isolated and without the possibility of promotion in his or her field,” explained the report’s authors, according to whom only 20% of the institutions that took part in the survey take the subject seriously.

Without fully immunizing them, their vigilance will enable them to prevent most intrusions. But the remaining 80% “operate with their eyes closed in a high-risk area and, once hit, will suffer maximum damage,” warned Dataprotect analysts.

The Moroccan company specialized in information security currently operates in more than 35 countries, with more than 500 customers including 100 banks, in Africa, Europe, the Middle East, and the Asia Pacific. Its turnover exceeds $11 million (€10 million).

__

(Featured image by Markus Spiske via Unsplash)

DISCLAIMER: This article was written by a third party contributor and does not reflect the opinion of Born2Invest, its management, staff or its associates. Please review our disclaimer for more information.

This article may include forward-looking statements. These forward-looking statements generally are identified by the words “believe,” “project,” “estimate,” “become,” “plan,” “will,” and similar expressions. These forward-looking statements involve known and unknown risks as well as uncertainties, including those discussed in the following cautionary statements and elsewhere in this article and on this site. Although the Company may believe that its expectations are based on reasonable assumptions, the actual results that the Company may achieve may differ materially from any forward-looking statements, which reflect the opinions of the management of the Company only as of the date hereof. Additionally, please make sure to read these important disclosures.

First published in jeuneafrique, a third-party contributor translated and adapted the article from the original. In case of discrepancy, the original will prevail.

Although we made reasonable efforts to provide accurate translations, some parts may be incorrect. Born2Invest assumes no responsibility for errors, omissions or ambiguities in the translations provided on this website. Any person or entity relying on translated content does so at their own risk. Born2Invest is not responsible for losses caused by such reliance on the accuracy or reliability of translated information. If you wish to report an error or inaccuracy in the translation, we encourage you to contact us.