Countries that are evolving and becoming aware of cyber issues, an Internet market that is soaring, but also geopolitical issues and major gaps to fill: Africa is a cyber market that is both seductive and intimidating. To see more clearly, inCyber met with Franck Kié, General Commissioner of the Cyber Africa Forum, and Clément Rossi, Director of Partnerships of the FIC. An in-depth analysis.

« Internet use in Africa has jumped by 23% between 2019 and 2021, » notes the NGO Internet Society. A meteoric growth that creates a need for greater cybersecurity. To find out more about this promising and complex market, inCyber interviewed Franck Kié and Clément Rossi. Franck Kié is the General Commissioner of the Cyber Africa Forum (CAF), the leading cyber exhibition on the continent, which will be held for the third time on April 24 and 25, 2023 in Abidjan, Ivory Coast. The latter is the Director of Partnerships and External Relations for the International Cyber Security Forum (FIC), one of the CAF’s partners. Let’s have a look at the different points of view.

The Internet is growing rapidly in Africa. Can you give us an overview of this market?

Franck Kié : Africa is a booming market, which has moved directly into the 4th industrial revolution, that of digital and mobile uses. We can see this in the Cyber Africa Forum: between the first and third editions, the number of partners and their level of commitment have increased considerably.

Secondly, penetration rates are quite heterogeneous, but more and more countries have easy access to the Internet, especially thanks to coastal cables and the infrastructure that operators are setting up.

Clément Rossi : There is a very strong progression in mobile Internet. Africa is already very advanced in terms of mobile usage, micropayments, and digital identity. But we are also seeing a catch-up in the digital transformation of organizations and businesses. All of this is driven by the growth of the service economy. The biggest sectors for cybersecurity remain banking, insurance, and critical infrastructure.

Is there a growth in the number of local Internet and cyber actors?

Franck Kié : Yes, absolutely, we have more and more of them, whether in sub-Saharan Africa, North Africa, French-speaking Africa, or English-speaking Africa. In fact, we are attracting more and more English-speaking players to the CAF who are looking to expand into new markets.

Clément Rossi : Moreover, there is a wave of people who have studied and worked in Europe or the United States that are coming back to Africa. They are participating in the continent’s digital transformation. These are people who are setting up local companies, developing solutions and partnerships in the fields of consulting, integration, sales, cyber…

What are the specificities of the cybersecurity market in Africa?

Franck Kié : One of our major challenges remains cybercrime. One of the first areas we discussed with Clément Rossi was to create bridges between different ecosystems to strengthen this fight against cybercrime. On the other hand, finding certain skills is still quite complicated. Generally speaking, in terms of governance, regulations, structures, and cybersecurity strategies, there is still a lot to be done.

Clément Rossi : We have shifted from cybercrime against individuals, which operated from Africa to Europe, to global cybercrime that targets African organizations, companies, and states. They are victims of cyberattacks like the rest of the global economy. The second change is the rise in power of states. At least 70% of them have formalized a national cybersecurity strategy.

Finally, a lot of awareness-raising is still needed, especially among senior executives, who need to learn about digital issues. It’s often big cases that make this awareness possible, like the logistics companies that were victims of fairly virulent ransomware. So, it’s a case of « shock and awe », of being stunned by the event before reacting in order to correct the situation.

Which sectors and countries are leading the way in these areas?

Clément Rossi : The banking sector, which is subject to international or regional prudential rules that impose cybersecurity standards. For the past ten years in Europe, there has been regulatory and legislative work, particularly around the notion of « vital operator », which obliges essential services to implement cybersecurity measures. This shows that regulation can help the cybersecurity market to flourish. Similar thinking exists in Africa, but it has yet to be implemented.

Franck Kié : Since 2013, Ivory Coast has had a law on the protection of personal data and another on the fight against cybercrime. Recently, the government announced the creation of a national cybersecurity agency in Benin. There is already one in Togo and in Central Africa. The Democratic Republic of Congo has just adopted a national cybersecurity strategy. I think that countries like South Africa, Rwanda, Morocco, Ivory Coast, Benin, or Togo are the countries that are taking the lead on these issues with the right regulations, governance structure, and investments.

How is the articulation between the public and private sectors in these cybersecurity policies?

Franck Kié : It goes both ways. The public sector takes the lead on regulation, governance, protection, and awareness. I have organized awareness actions in the field of cybersecurity for the Telecom Regulatory Authority of Ivory Coast with the help of the private sector. Today, we were at the association of banking professionals and financial institutions of Ivory Coast, and, in the same way, they ask to have support, information, and awareness from the public sector. I am rather satisfied with the dynamics that are being created on the continent.

Is the EU an important partner for Africa or are we dealing more with bilateral partnerships between European and African countries?

Clément Rossi : There are bilateral actions, of course. For example, France has opened an ENVR (national school with a regional vocation) in Dakar, specializing in cybersecurity, for regional decision-makers. I am also thinking of Anssi, which has invited interns to come for training and has established partnership and exchange agreements.

With its cooperation and development programs, the EU is the leading international donor to African countries. These include those dedicated to digital transformation, modernization of public services, etc., which include governance, equipment, and cybersecurity.

Mutual assistance is also being set up between gendarmeries in the fight against cybercrime. In this regard, the FIC has established a partnership with Francopol: meetings are organized to share feedback and best practices between entities specialized in cybercrime. And of course, judicial cooperation is developing within Africa as well as with other geographical areas. For example, Ivorian « jammers » have been arrested in Senegal at the request of the Ivorian authorities.

Finally, at the economic level, even if major players are present in Africa, we can see that this market is not yet a priority for French companies. The CAF and FIC partnership contributes to changing this by showing that there is, indeed, a market, customers, and that the development of French companies in Africa can be sustained with the support of local partners.

Another vital aspect of cooperation is that of skills and human resources. There are schools, particularly French ones, that have set up subsidiaries. I am referring in particular to EPITA, which has set up partnerships with African universities or established campuses there.

These cooperations are part of the rivalry between Russia, China, the United States, and some European countries… On the African continent. Does it have an influence on the development of cyber markets?

Franck Kié : There is certainly a correlation between geopolitics and the markets in which the countries concerned are involved, but this is not systematic and it also depends on the country’s level of maturity. The Ivory Coast, for example, is rather French-speaking with a strong French influence, but operators from other countries manage to establish themselves. The influence of a state does not necessarily define the importance of the country in the cyber and Internet markets. Competition between companies remains fierce, regardless of the geopolitical context.

In this battle for influence, European countries, and France in particular, seem to be lagging behind. Does this translate into particular difficulties for their companies?

Franck Kié : Not necessarily. There is clear leadership from certain countries, such as the United States, China, and Israel. On the other hand, there are some very good European or French operators who may not have the same clout on the continent, but who manage to offer extremely advanced solutions in certain fields of activity.

Clément Rossi : It varies depending on the sector. For services, risk analysis, etc., we are not yet on large cybersecurity supervision contracts, but this is gradually evolving, especially in the most mature entities, such as banks. Secondly, there are more opportunities for solutions that bring value and are fairly simple to deploy, such as secure communications. These « quick win » solutions are on the rise.

I’m also thinking of emerging figures like Clément Domingo, who illustrates the problem of bug bounty: developing communities to reduce vulnerabilities. This is a real challenge, both because it includes an HR component of animation and structuring of cyber communities and because it meets real needs. I think that these platforms have a great future in Africa.

Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.