As African banks make commendable strides in banking the unbanked, a critical challenge is quietly undermining progress: a severe shortage of cybersecurity skills. With financial inclusion expanding rapidly, cyberattacks have become a pressing concern. According to the 2024 African Financial Industry Barometer, 59% of African financial institutions cite cybercrime as a top threat.
This growing risk is echoed in the Fortinet 2024 Cybersecurity Skills Gap Global Research Report, which reveals that 70% of organisations see a lack of cybersecurity skills as a major vulnerability. Worryingly, over half of employees lack basic security awareness, a problem worsened by limited staffing and budget constraints.
These gaps not only leave banks open to attacks but also threaten the trust of the very communities they aim to serve. Without urgent action, the promise of banking the unbanked could be derailed by avoidable security breaches.
Why the skills shortage is growing
The demand for IT professionals has surged due to the ongoing digitalisation of the banking sector. However, a 2024 study has shown that South Africa, in particular, faces a widespread shortage of key technical roles like data scientists, systems engineers and software developers.
Adding to the problem is the persistent ‘brain drain’ of skilled IT professionals emigrating in search of better opportunities abroad. This is especially true in South Africa and Nigeria, where banks are struggling to retain talent amid rising salary expectations and stiff global competition.
Digital growth vs cyber threats
Expanding banking the unbanked means ramping up digital access. Africa leads globally in mobile money innovation, with over 50% of global mobile money services originating from the continent.
However, each new mobile platform, digital channel or payment service increases a bank’s cyber exposure. While digital expansion enables financial inclusion, it also broadens the attack surface. Banks risk losing the trust of new users if digital services are compromised, especially those who are new to formal financial systems and may already be wary.
Building cyber resilience in African banking
To ensure the safe and sustainable growth of financial services, banks must adopt a three-pronged cybersecurity approach: training, awareness, and technology.
Firstly, they should scale up training programmes and offer certifications to build a steady pipeline of qualified IT professionals. Equally important is retention; competitive compensation and career progression are critical to keeping skilled workers from seeking greener pastures.
Secondly, banks must address the internal knowledge gap by rolling out regular cybersecurity awareness training for all staff, especially frontline employees. Given that 58% of breaches are caused by poorly trained personnel, awareness is non-negotiable.
Lastly, forming partnerships with local and global cybersecurity firms can accelerate knowledge transfer and provide access to advanced security infrastructure, ensuring institutions aren’t left to fend for themselves.
AI in the cybersecurity battle
Artificial Intelligence offers a double-edged sword in the world of cybersecurity. While cybercriminals are using AI to launch sophisticated attacks, banks can use the same tools to strengthen their defences.
AI-powered cybersecurity solutions can fill the skills gap by automating threat detection and response. For banks stretched thin, these technologies provide a force multiplier, ensuring they stay ahead of attacks and secure their expanding digital footprints.
The path to banking the unbanked is fraught with cybersecurity challenges, but they are not insurmountable. With a clear focus on building skills, raising awareness, and deploying the right technology, African financial institutions can protect their digital ecosystems and, more importantly, the millions of people they seek to include in them.
By Doros Hadjizenonos, Regional Director at Fortinet South Africa
