Expert Speak Digital Frontiers
Published on Oct 26, 2022 Updated 24 Days ago
Bridging the digital divide in Africa will not be possible without adequate people-centred cybersecurity measures
Cybersecurity for inclusive digital transformation in Africa

Africa’s Digital Transformation Agenda 

As Africa continues to advance on regional flagship initiatives to achieve its Agenda 2063 aspirations, digital transformation is increasingly important. The Digital Transformation Strategy (DTS) for Africa (2020-2030) was adopted by the African Union Commission (AUC) in February 2020. The DTS aims to advance the benefits of digitalisation towards stimulating economic growth, eradication of poverty, societal development, and strives for an ‘integrated and inclusive’ digital society by 2030. Inclusivity is a key guiding principle of the DTS as the Strategy notes expressly that the aim is to ensure, “digital transformation for everyone, everywhere, that is affordable and ubiquitous, creating equal access to opportunities and mitigating risks of exclusion”. The objective of the DTS is to bridge the digital divide, enhance Africa’s digital economy and transform Africa by harnessing the benefits of digital technologies. With existing AUC initiatives and flagship projects such as the African Continental Free Trade Area (AfCFTA), the Digital Single Market (DSM), the Single African Air Transport Market (SAATM) and the Policy and Regulatory Initiative for Digital Africa (PRIDA), inclusive digital transformation is an imperative for Africa.

The objective of the DTS is to bridge the digital divide, enhance Africa’s digital economy and transform Africa by harnessing the benefits of digital technologies.

Till date, the approach to achieving Africa’s digital transformation has not been democratic, inclusive, and transparent, and there have been continuous calls for Africa to focus on a digital transformation agenda that prioritises digital inclusion. Besides the reality that inadequate digital capacities and disparities in digital participation will unarguably be a challenge in the aspirations of Africa’s DTS, Africa is also yet to prioritise cybersecurity to expected standards. Africa remains weak when cyber security is measured; for example, many African countries remain weak on the International Telecommunications Union (ITU) Global Cybersecurity Index assessment of cybersecurity maturity levels. The uncertainties over the effectiveness of cybersecurity mechanisms and approaches in Africa limits the region’s capacity to effectively achieve inclusive digital transformation. 

Linking cybersecurity to inclusive digital transformation 

Cybersecurity is core to achieving inclusive digital transformation. As countries continue to prioritise digital transformation, the value of cybersecurity to ensuring safe and inclusive digital transformation continues to be emphasised. Digital transformation will bring immense socio-economic benefits to Africa; this cannot be achieved without appropriate cyber governance and effective cybersecurity policies. The African Digital Transformation Strategy<1> notes the importance for Africa to focus on cybersecurity, including the necessity to build capacity to detect and mitigate cyber threats, however, cybersecurity is yet to be mainstreamed in Africa’s digital transformation agenda. Cybersecurity is not stated as a foundation pillar of Africa’s digital transformation strategy but was rather mentioned as a cross-cutting theme; and although cybersecurity has been adopted as a flagship project of the African Union Agenda 2063, the preparedness for inclusive digital transformation is unclear when the cybersecurity landscape is objectively appraised. The DTS states an ambition to ensure that, by the year 2020, the African Union Convention on Cybersecurity and Personal Data Protection (Malabo Convention), 2014, enters into force and all African Union Member States domesticate the Convention and adopt cybersecurity legislations. This is yet to be achieved in Africa even though the Strategy acknowledges unequivocally that “collaborative ICT regulatory measures and tools are the new frontier for regulators and policy makers as they work towards maximising the opportunities afforded by digital transformation…”.

Digital transformation will bring immense socio-economic benefits to Africa; this cannot be achieved without appropriate cyber governance and effective cybersecurity policies.

Africa’s Approach to Cybersecurity

Cybersecurity must parallel digital transformation and the role that regional organisations must play towards formulating policies and ensuring cybersecurity outcomes cannot be overemphasised. The AUC began focusing on promoting cybersecurity in the region after the adoption of the Malabo Convention in 2014. Since then, the AUC has begun collaborating with international and regional partners to promote cybersecurity culture and strengthen the cybersecurity capacities of African member states. The Guidelines on ‘Security of Internet infrastructure in Africa’ was developed in 2017 by the AUC with support from the Internet Society; and in 2018, the AU Declaration on Internet Governance and Development of Africa’s Digital Economy’ was endorsed by the Executive Council of the African Union. The AUC has also adopted cybersecurity as a flagship project of the African Union Agenda 2063. These efforts have not translated to a prioritisation of cybersecurity in the region. It remains a concern that the African continent seems to lack its own cyber security agenda. Amongst stakeholders, there is lack of clarity regarding Africa’s approach to addressing cybersecurity. Cybersecurity responses in Africa have not transcended the traditional notions of security, thereby, ignoring sectors such as civil society groups. This is despite the fact that promoting  inclusion, trust, and security in the digital environment is among key action areas presented in the United Nations Secretary General’s Roadmap for Digital Cooperation. Cybersecurity requires a people-centred approach and the respect of human rights. This has not been the case in Africa, and, perhaps, a reason why digital transformation is still not being understood from the lens of cybersecurity.

Cybersecurity responses in Africa have not transcended the traditional notions of security, thereby, ignoring sectors such as civil society groups.

The digital divide is still a challenge in Africa and the lack of infrastructure, resources, and skills to effectively ensure cybersecurity often collides with achieving cybersecurity at appropriate standards. With many African nations yet to adopt all-inclusive national cybersecurity strategies, which meet the right cybersecurity standards, a major challenge confronting many African governments remains the absence of policy coherence. The Malabo Convention sets out to establish a credible framework for cybersecurity in Africa and encourages African Union Member States to recognise the need to ensure cybersecurity through a unified regulatory framework. Unfortunately, the Convention is yet to enter into force because since 2014, the Convention has received only 13 of the required 15 ratifications. However, the African Union Cybersecurity Experts’ Group (AUCSEG), whose objective is to provide guidance and recommendations on cybersecurity policies and strategies to the AUC and the African member states, has continued to promote the increased ratification of the Malabo Convention. It has also encouraged policy coherence and the prioritisation of cybersecurity and inclusive digital governance in the region.

Achieving secure, resilient and inclusive digital transformation in Africa

Inclusive digital transformation is driven by cybersecurity. The  Open-Ended Working Group (OEWG) and the United Nations Group of Governmental Experts (GGE), have emphasised how developing security, trust and stability in cyberspace is invaluable for ensuring an inclusive participation in cyberspace. If Africa pursues digital transformation without prioritising cybersecurity, achieving digital transformation will be illusory. It is necessary to ensure that the digital transformation agenda underscores cybersecurity at the continental level. Developing a comprehensive and efficient regional cybersecurity strategy embedded in the digital transformation agenda should be prioritised. In March 2022, the African Cybersecurity Summit was held in Lomé, Togo, to dialogue on effective and efficient measures to prioritise cybersecurity in the region. The Lomé Declaration on Cybersecurity and Fight Against Cybercrime, 2022, which voices a commitment to establish a framework to promote a cybersecurity culture, was signed by heads and representatives of African governments as part of the Summit.

If Africa pursues digital transformation without prioritising cybersecurity, achieving digital transformation will be illusory.

Africa must increase digital capacity and not merely focus on legislation. For example, there has been immense dialogue about the text of the Malabo Convention and its ratification, but little is being said of plans for implementation after it comes into force. Technical, legal, and political approaches to cybersecurity are equally important because of Africa’s circumstances, considering the varied cybersecurity maturity levels, local contexts, and political realities. It is important for African States to develop a cybersecurity culture. This will imply focusing on a people-centred approach to developing cybersecurity policies and strategies as well as creating transparent cybersecurity institutions that will implement these policies and strategies by involving the people. African countries like Mauritius and Ghana, to the exception of many others, have shown an example of the importance of cybersecurity institutions to achieving inclusive digital transformation, especially through people-targeted cybersecurity initiatives and activities. Beyond allocating resources for building technical capacity, adequate resources must also be allocated to cybersecurity capacity building for people through education, awareness, and cybersecurity skills development. This will portray an inclination to a people-centred digital transformation. Different factors account for African states approach to cybersecurity Therefore, capacity building in Africa has to be strategic and understood on Africa’s terms and the AUC must begin to consistently undertake a cyber needs assessment of the various stakeholders. Digital transformation in Africa has generally been interpreted in terms of trade and economic enhancement. This is no surprise. The DTS was developed by the AUC with organisations such as AUDA-NEPAD, the United Nations Economic Commission for Africa, the African Regional Economic Communities, the World Bank, and the African Development Bank. Digital transformation transcends trade and financial prosperity. It is clear that awareness is still needed to understand the role cybersecurity plays towards achieving digital transformation, therefore, cybersecurity capacity is needed to increase understanding, participation and facilitate implementation of the digital transformation agenda. Also, by viewing cybersecurity as something within achieving digital transformation in Africa, awareness is still needed to address cybersecurity from a multi-stakeholder and people-centered approach rather than the traditional security-centred understanding, which seems to be the extant approach. It is important to leverage multistakeholder partnerships in line with Article 26 of the Malabo Convention. This is important in the African context because civil society organisations have shown how uniquely positioned they are for advocating policies that aim for a people-centred approach. The inclusion of civil societies in reaching cybersecurity polices and strategies in Africa will enhance a people-centred approach and further inform policies that will drive an inclusive digital transformation agenda.

Beyond allocating resources for building technical capacity, adequate resources must also be allocated to cybersecurity capacity building for people through education, awareness, and cybersecurity skills development.

As Africa pursues digital transformation, the AUC must continue to create dialogues to reflect on the opportunities and challenges for ensuring cybersecurity in Africa. Promoting cybersecurity should be a collaborative effort. Achieving digital transformation requires open, coherent, and sustained efforts, as well as comprehensive collaboration in order to maximise the benefits of opportunities offered by digital transformation, while ensuring cybersecurity. Such an inclusive view is essential for achieving Africa’s digital transformation aspirations.
<1> The African Union Digital Transformation Strategy for Africa (2020-2030).
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.