As banks across Africa ramp up efforts to deliver financial services to millions of unbanked citizens, a growing cybersecurity talent gap is threatening progress, according to Doros Hadjizenonos, Regional Director at Fortinet South Africa.
In a publication on itnewsafrica.com, Hadjizenonos pointed out that cybercrime is now a top concern for many African financial institutions, citing the 2024 African Financial Industry Barometer which found that 59% of respondents identified cybercrime as a major threat.
The situation is worsened by a persistent skills shortage. The 2024 Fortinet Cybersecurity Skills Gap Global Research Report revealed that 70% of organizations believe that cybersecurity skills shortages pose additional risks. Another Fortinet report highlighted that more than half of employees lack basic security awareness, often due to limited staff and budget.
“Without the right talent and tools in place, banks risk becoming more vulnerable just as they become more connected,” Hadjizenonos wrote.
The cybersecurity gap is exacerbated by a growing demand for IT talent driven by digital banking expansion and ongoing “brain drain” across the continent. Hadjizenonos explained that African banks are competing for scarce talent like data scientists, system engineers, and programmers, especially in South Africa and Nigeria where skilled professionals are emigrating in search of better opportunities. This has made hiring difficult and pushed salary expectations higher.
At the same time, banks are under pressure to scale up digital services to reach more people. Africa leads globally in mobile money services, but these platforms come with new cyber risks. As Hadjizenonos notes, “every new digital channel adds another potential entry point for attackers”, expanding the threat landscape.
To address these vulnerabilities, Hadjizenonos recommends a three-pronged cybersecurity strategy: training, awareness, and technology. He calls on financial institutions to invest in local talent development, improve staff retention, and provide internationally recognized certifications for IT and security personnel.
He also stresses the importance of staff education, stating that “58% of IT decision-makers say the top cause of security breaches is staff with a lack of cybersecurity skills and training”. As such, engaging and regular awareness programs are key.
Moreover, banks are encouraged to partner with both local and international cybersecurity firms to build stronger systems and shift from a reactive to a proactive security stance.
On the role of AI, Hadjizenonos acknowledges the risks but also the benefits: “AI-powered security solutions offer much-needed support by delivering proactive threat detection and automated response capabilities.”
While the shortage of cybersecurity professionals poses a significant challenge, Hadjizenonos believes it is solvable. “With a clear strategy that prioritizes talent development, staff awareness and the support of trusted technology partners,” he writes, noting that banks can reduce cyber risks and build a more resilient digital future for Africa.
