The Acting Director-General of the Cyber Security Authority (CSA), Divine Selase Agbeti, has warned that small and medium-sized enterprises (SMEs) are becoming the softest targets in the country’s rising wave of cyberattacks, urging businesses to invest in basic digital defences and staff training ahead of tougher enforcement next year.
Speaking in an exclusive interview with THSJ, Mr. Agbeti said cyber resilience must now be treated as a business survival issue, not a luxury, as Ghana’s digital economy expands and cybercriminals exploit gaps in awareness, weak systems, and talent shortages.
“Every business, big or small, must take cybersecurity seriously. Preparedness is not optional but it is survival,” he cautioned, referencing recent global cyber incidents that crippled operations of well-funded multinational firms.
According to the CSA, Ghana has recorded a steady increase in cyber fraud, data breaches, and ransomware incidents targeting SMEs in finance, retail, logistics, and e-commerce.
Many of these businesses lack even basic safeguards such as multi-factor authentication, encryption, or regular system updates.
Mr. Agbeti said a nationwide assessment by the Authority revealed that most SMEs underestimate their exposure, with owners often delegating cybersecurity responsibilities to IT staff without board-level oversight.
“Even those who are aware sometimes fall for simple tricks,” he said. “Phishing, online scams, and insider threats are still costing businesses millions. For SMEs, one successful breach can destroy years of investment.”
The acting CSA chief disclosed that from January 2026, the Authority will intensify enforcement under the Cybersecurity Act, warning that institutions, including SMEs must comply with minimum cybersecurity standards or face financial and reputational penalties.
The CSA is also working with the Attorney-General’s Department to establish a dedicated cyber court to fast-track prosecution of offences and expand its investigatory powers under upcoming legislative reforms.
“Institutions must understand that non-compliance will not only bring financial penalties but also reputational damage,” Mr. Agbeti stressed.
Recognising the cost barrier faced by SMEs, the CSA is promoting managed Security Operations Centres (SOCs) that allow smaller firms to outsource their cybersecurity monitoring and response needs at affordable rates.
“The market will regulate pricing. Our role is to accredit and ensure data is hosted securely within Ghana,” he said, adding that CSA-licensed SOC providers would be key partners for SMEs lacking internal cybersecurity teams.
Mr. Agbeti admitted that a severe talent shortage threatens the country’s ability to sustain its cybersecurity defences, as many trained professionals are being lured abroad by higher-paying employers.
To bridge the gap, the CSA is partnering with universities and global professional bodies, including ISACA and ISC², to expand training and certification.
Under the government’s “One Million Coders” initiative, at least 10,000 cybersecurity specialists are to be trained to serve both public institutions and private enterprises.
“We must build a pipeline of skilled professionals for both public and private sectors. SMEs, too, need access to certified expertise,” he emphasised.
The CSA also plans to embed cybersecurity education from basic to tertiary levels, instilling safe online habits early to create a resilient generation.
“If we start telling children from the ground up that they need to change passwords, use multi-factor authentication, and practise safe online behaviour, in 10 to 20 years it will become part of the culture,” Mr. Agbeti noted.
As Ghana currently chairs the Alliance of National Cybersecurity Authorities (ANCA), Mr. Agbeti said the country is setting standards for regulatory collaboration and threat intelligence sharing across Africa. Ghana also plans to sign the upcoming UN Cybersecurity Convention, a move he described as a “groundbreaking step” for international cooperation.
He added that Ghana’s partnerships, whether with Western or Eastern technology powers, would remain strategically neutral and rooted in national interest, ensuring that no foreign partner exploits local systems through digital backdoors.
For Ghana’s 900,000-plus SMEs, the message is clear: cybersecurity is now a business essential.
With the CSA tightening oversight and cybercriminals becoming more sophisticated, companies that fail to strengthen their defences risk not just data loss but total collapse.
“Resilience begins with awareness, investment, and responsibility, the digital future belongs to those who are prepared.” Mr. Agbeti added.
