A Security Snapshot of Sub-Saharan Africa’s Big Three

A Security Snapshot of Sub-Saharan Africa's Big Three

The 2020 African edition of KnowBe4’s What Keeps You up at Night Report, where security surveys in 18 Sub-Saharan Africa countries were conducted asking more than 500 organisations about their concerns across a variety of security topics is now available.

The report provides specific survey details on the three Sub-Saharan Africa giants: Kenya, Nigeria and South Africa. These snapshots are surprising in their variations as well as overlaps – what concerns one of the economic powerhouses is not necessarily a priority for the others, and it’s an eye-opener around Africa’s diverse security challenges.

Anna Collard, SVP of Content Strategy and Evangelist KnowBe4 Africa said “It’s a known fact that African countries and organisations are being targeted more actively by cybercriminals, to the level that it’s one of the fastest-growing regions in terms of cybercrime. But when you get down to the specifics, the differences between the survey’s continental averages and its three biggest Sub-Saharan economies are quite striking.”

The three respective appendices of the report make for captivating reading. Spread across six main categories – cyber threats, compliance security, security initiatives, users, resources, and executive issues – here is a snapshot for each country:


In general, Kenya is split on the priorities of security threats such as phishing and ransomware. On average, at least half of organisations do not regard these and other threats as more than somewhat concerning – considerably lower than the continental totals. But that also means that the other half of the organisations rank such threats as very concerning, with 31% saying they are kept awake at night by the possibility of business email compromise.  

Kenya’s concerns over security initiatives mirror the continent’s worries – 46% are kept awake at night about security awareness training and supply chain security, respectively. In contrast, the country is not as concerned about different user security issues – African averages lean more towards extreme concerns, yet Kenya’s focus tends to split between somewhat and very concerned.


Nigeria is the clear outlier in security matters, taking some very different views on what to be concerned about. On the one hand, no country is more worried about ransomware: 59% of Nigerian companies say this keeps them up at night, though 40% are only somewhat concerned. Malware attracts a similar split. Yet 74% of Nigerian companies are only somewhat concerned about data breaches.

They are not worried much about security initiatives. Only multi-factor authentication truly keeps them awake at night (74%), with the next massive concern, identity management, sits at 27%. Here’s the kicker: 89% of organisations there are not at all concerned about security awareness training. When user risks do surface, two types of users solicit similar levels of security concerns – remote workers (67%) and negligent workers (41%). Eighty-seven percent of Nigerian companies are somewhat concerned about malicious insiders, and 69% about password sharing.

South Africa

Attitudes in South Africa align closely with the continent’s averages, though there are some differences. While other countries tend to worry most about ransomware, South African organisations rank phishing as extremely (46%) and very (35%) concerning. Malware and business email compromise reflect similar levels of worry – and though ransomware is lower than these categories, at 50%, it’s the threat keeping most businesses awake at night.

South African views around security initiatives almost mirror those of Kenya: 46% are extremely concerned about security awareness training and supply chain security. Thirty-eight percent are also being kept awake by privileged access management, incident response, securing the cloud, and multi-factor authentication. Remote workers keep 57% of South African companies up at night, while negligent insiders (44%) and users sharing passwords (41%) are not far behind.