African countries which spent approximately $2 billion (£1.6bn) countering cyber-attacks last year is expected to expand to about $3.6 billion (£3bn) by 2020, according to a report released by Serianu, an information technology services and business consulting firm.
“The top malwares identified in the continent were botnets, ransomware, spyware, Trojans and worms and ransomware such as Locky and Zepto which were the most common to organisations and individual users,” William Makatiani, CEO at Serianu told SC Media UK.
According to the report, Nigeria had the highest expenditure totaling about $550 million, followed by Kenya with $175 million, Tanzania with $85 million, Ghana $50 million and Uganda $35 million.
Kenya opened a new Cyber Coordination Centre in October, to coordinate the country's response both internally and internationally.
“The malicious insider staff steal passwords and approve transactions and move money out very late at night,” said Makatiani.
“In insurance schemes, when you have a life policy that is about to expire, the hackers change the beneficiary, so that when the payout is made, it does not go to the right person,” he added.
“This cost continues to grow as many organisations automate their processes. In some cases, like Kenya, the introduction of e-services by private and public sector has introduced new weaknesses that have allowed loss of money through these channels,” the report stated.
The major problem is lack of practical regulatory guidance from industry regulators and government's inadequate training and awareness amongst the law enforcement and judiciary fraternity, Makatiani explained.
The report also said that traditional antivirus software can no longer match the new strains of malware targeting African organisations, with criminals now creating unique malware crafted for different targets to obstruct detection and prevention by malware vendors.
"We need to strengthen the implementation of existing cyber-crime laws and policies which will involve adopting more mature processes for cyber-crime prosecution and raising awareness to citizens on reporting of cyber-crimes," said Francis Wangusi, director general of the Communications Authority Kenya.
Áfrican governments also should focus on involving more sectors during development of these cyber policies and laws such as institutions of learning, business communities and cyber-security specialists, among others.
The report also ranked banking as the leading risk sector, citing complex regulatory requirements and greater exposure to internal and external cyber-security due to interconnection and complex modern banking systems.