For the second year in row executives of financial institutions in Africa have put cybersecurity concerns ahead of every risk factor in the financial services sector. 74% of the participants in the 2023 African Financial Industry Barometer survey say cybersecurity regulation needs improvement.
According to the 2023 Africa Financial Industry Barometer, developed in partnership with the Africa Financial Industry Summit and Deloitte, 97% of surveyed executives at top financial institutions in Africa consider cybercrime a significant threat. Macroeconomic conditions (97%), political and social instability and security risks were also identified as the most prevalent threats facing financial institutions in Africa. Political or social instability and security risks are a close second perhaps signally some unease over the spate of military coups (5 in 2022 and 6 in 2021) and or internecine conflict in some regions.
Four days ago, David Sennaike, a Nigerian cybersecurity professional published an article on social networking site, LinkedIn, claiming to have found a post Breached.co, offering leaked data containing customer data, login details of employees and API access of 43 Nigerian banks. Breached.co, is a dark web forum founded in 2022 after European Police shut down RaidForums, its predecessor. Sennaike says he tested the sample data and was able to verify its authenticity and view bank customers’ data including bank verification numbers (BVNs) and other customer information. Bidding for the dataset on the dark web forum started at $50,000 and was at $250,000 on the 7th of February this year, per a screenshot from Sennaike’s LinkedIn article. According to Sennaike, fintechs were also implicated in the leaked data.
Several banks and fintechs in Nigeria have suffered cyber attacks or fraud incidents between 2022 and 2023, including MTN, which sued several banks in the country after losing $53 million from its mobile money service. TechCabal previously reported several alleged attacks on Flutterwave (the company denies this) which led to the company suing several recipients of the funds and freezing the bank accounts of 295 others, TechCabal reported.
The worrying spate of cyber attacks and fraud has led to the creation of several groups to fight against fraud by sharing data, including Project Radar of which Flutterwave is a member alongside other fintechs and eKYC firms.
The Africa Financial Industry Barometer report also shows the trend towards more data sharing. African financial institutions are becoming more willing to share incident risk data (approximately 50%), fraud data (42%) and data to enable interoperability of digital payments (50%). On average only 24% of financial institutions surveyed say they share data (on risk incidents, fraud, money laundering or cyber incidents). 36% say they plan to establish partnerships that will enable them to share data in the short to medium term.
Only 15% of surveyed financial industry leaders consider how cybersecurity is regulated in Africa to be effective. 74% say there needs to be improvement and 11% of leaders do not know how cyber and information security is regulated or believe regulation is non–existent.
Declining economic fortunes is also a major headache for financial institutions in Africa ranking side by side with cybersecurity concerns. The World Bank says economic growth in sub-Saharan Africa dropped to 3.6% in 2022 from 4.1% in 2021 and is expected to dip to 3.1% in 2023. Alongside sluggish growth globally, persistent inflation, and tough financial conditions with record debt will contribute to this decline in growth.
However, despite concerns about the impact of poor economic outlook, banks, insurance firms and other financial institutions remain optimistic about their business prospects. Only 15% of respondents predict that unfavourable macroeconomic conditions will persist over the next three years in Africa.