Africa has had the most exponential growth in phishing-related cybercrime out of any region over these past few years, especially in regards to small and midsize businesses.

That’s according to KnowBe4’s 2024 Phishing by Industry Benchmarking Report out this week, which analyzed more than 54 million simulated phishing tests across 11.9 million users in 19 different industries across the globe . The researchers found a common denominator in inadequate user training being the primary reason as to why individuals across all industries fell victim to social engineering attacks. 

But it’s the users in many African countries that struggle with this in particular, especially as technology and connectivity experience rapid growth on the continent, causing technology-related threats to grow in tandem.

KnowBe4 researchers measure an organizations vulnerability to phishing attempts in terms of a phish-prone percentage (PPP), i.e. the percentage of individuals in these businesses that are most likely to put the business at risk by clicking on malicious links or unknowingly opening documents or files containing malware. The findings show that Africa’s baseline PPP jumped from 32.8% to 36.7% in one year. In other words, more than one in three individuals in a company will fall for phishing schemes.

Africa’s Phishing Awareness Issues

There are several reasons as to why Africa struggles with these kinds of challenges. Sub-Saharan Africa, for example, actually slowed in its economic growth in 2023 from 4% to 3.3%, likely due to its limited resources, its humanitarian and development struggles, poverty, and an energy crisis, amongst other issues. Compared to these pressing challenges, its cybersecurity training and culture falls behind in the list of concerns. And with all these factors compounding one another, many sub-Saharan African countries make for worthwhile targets by threat actors.

Some of these countries have imposed regulatory compliance laws to attempt to combat these realities and the rise of cybercrime, but ultimately most have not, according to the report.

“Unfortunately, this means that African countries have become playing grounds for cybercriminals, who don’t fear recourse on the continent and target particularly those industries and countries with high digital dependency,” says Anna Collard, SVP content strategy and evangelist, Africa, at KnowBe4.

Improving Social Engineering Risk in Africa

In order to address these cybersecurity challenges, there are steps that need to be taken in the areas of regulation, security awareness training, and guidelines, according to Collard.

“Particular focus is needed on threats like deepfakes used for political manipulation, especially ahead of major elections in various African countries,” she says, adding that “more public-private partnerships are essential to build capacity, address the skills shortage, and improve resilience in the digital world.”

It’s also important to invest in Africa’s younger generation by providing cybersecurity education and training opportunities, she adds. This can be the first step to filling the skills gap, which is one of Africa’s “biggest cybersecurity issues,” while also addressing youth unemployment.

And the sooner countries in Africa are able to start addressing their risk, the better, as the researchers report that cyberattacks against governments and critical infrastructure are expected to rise. The public, construction, and education sectors have all scored low in cyber culture and resilience, which the researchers said is concerning because of the domino effect such attacks can have on the rest of society and the economy. 

“There is a drive by foreign governments like the UK FCDO with their Africa Cyber program to help with cyber capacity building and in fostering more public-private partnerships opportunities,” Collard says. “While certain private-sector industries, such as banking, have well established cyber operations and are better equipped to deal with attacks, public sector organizations struggle to retain talent, develop skills or raise budgets to adequately resource their defense operations.”

She adds, “More coordinated collaboration is required between different departments, law enforcement agencies and private sector companies to address the skill shortage, lack of funding and poor public awareness levels.”

Source

About Author

Dark Reading

See author's posts

Tags:

Related News

Officials worry Salt Typhoon apathy is killing momentum for tougher telecom security rules

March 12, 2026

Securing Airline Public Wi-Fi: Stop Threats With Protective DNS

March 2, 2026

You may have missed

White House executive order purports to limit mail-in voting, mandate federal voter lists 

March 31, 2026

Attack on axios software developer tool threatens widespread compromises

March 31, 2026

Patterns, Pirates, and Provider Action: What We Learned Working with Keitaro

March 31, 2026

Prompt Injection Is Becoming a Data Security and Cyber Defense Problem

March 31, 2026

NIST SP 800-81r3: What’s New?

March 30, 2026

Researchers say credential-stealing campaign used AI to build evasion ‘at every stage’

March 30, 2026
WordPress Appliance - Powered by TurnKey Linux