For the second year in a row, African financial institution executives prioritise cybersecurity over all other risks. 74% of 2023 African Financial Industry Barometer respondents say cybersecurity regulation needs improvement.
The 2023 Africa Financial Industry Barometer, developed in partnership with the Africa Financial Industry Summit and Deloitte, found that 97% of top financial institution executives in Africa consider cybercrime a major threat. The biggest threats to African financial institutions were macroeconomic conditions (97%), political and social instability, and security risks. Political or social instability and security risks are a close second, perhaps signally some unease over the spate of military coups (5 in 2022 and 6 in 2021) and or internecine conflict in some regions.
Across the continent, cybersecurity incidents result in losses estimated at between $3.5 billion and $4 billion every year. 97% of African financial institution leaders say cybercrime and cybersecurity regulations are the biggest threats to the industry. The report states that financial institutions prioritise cybersecurity due to rising attack volume and sophistication.
Four days ago, David Sennaike, a Nigerian cybersecurity professional, published an article on the social networking site LinkedIn, claiming to have found a post, Breached. co, offering leaked customer data, employee login details, and API access of 43 Nigerian banks. Breached. co is a dark web forum formed in 2022 after European Police shut down RaidForums, its predecessor. Sennaike says he tested the sample data and was able to verify its authenticity and view bank customers’ data, including bank verification numbers (BVNs) and other customer information. A screenshot from Sennaike’s LinkedIn article shows the dark web forum’s dataset bidding started at $50,000 and reached $250,000 on February 7. According to Sennaike, fintechs were also implicated in the leaked data.
Several banks and fintechs in Nigeria have suffered cyber attacks or fraud incidents between 2022 and 2023, including MTN, which sued several banks in the country after losing $53 million from its mobile money service. TechCabal previously reported several alleged attacks on Flutterwave (the company denies this), which led to the company suing several recipients of the funds and freezing the bank accounts of 295 others, TechCabal reported.
The worrying spate of cyber attacks and fraud has led to the creation of several groups to fight against fraud by sharing data, including Project Radar, of which Flutterwave is a member alongside other fintech and eKYC firms.
The Africa Financial Industry Barometer report also shows data sharing increasing. African financial institutions are becoming more willing to share incident risk data (approximately 50%), fraud data (42%) and data to enable interoperability of digital payments (50%). On average, only 24% of financial institutions surveyed say they share data (on risk incidents, fraud, money laundering or cyber incidents) (on risk incidents, fraud, money laundering or cyber incidents). 36% plan to form data-sharing partnerships soon.
15% of African financial industry leaders think cybersecurity regulation is effective. 74% say there needs to be an improvement, and 11% of leaders do not know how cyber and information security is regulated or believe regulation is non–existent.
Declining economic fortunes is also a major headache for African financial institutions, ranking alongside cybersecurity concerns. The World Bank says economic growth in sub-Saharan Africa dropped to 3.6% in 2022 from 4.1% in 2021 and is expected to dip to 3.1% in 2023. Alongside sluggish growth globally, persistent inflation and tough financial conditions with record debt will contribute to this decline in growth.
Despite economic concerns, banks, insurance companies, and other financial institutions remain optimistic. Only 15% of respondents predict that unfavourable macroeconomic conditions will persist in Africa over the next three years.