Close Menu
  • Briefing
    • Cover Story
    • Latest News
    • Counties
  • Politics
    • Society
  • Special Reports
    • Companies
    • Enterprise
    • Money
    • Technology
  • Columns
  • Dispatches from China
  • Member Content
    • Shop
  • Contact Us
    • About us
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram LinkedIn
Nairobi Business Monthly
Subscribe
  • Briefing
    • Cover Story
    • Latest News
    • Counties
  • Politics
    • Society
  • Special Reports
    • Companies
    • Enterprise
    • Money
    • Technology
  • Columns
  • Dispatches from China
  • Member Content
    • Shop
  • Contact Us
    • About us
Nairobi Business Monthly
Home»Briefing»Human error, not hackers, is Africa’s biggest cybersecurity risk
Briefing

Human error, not hackers, is Africa’s biggest cybersecurity risk

Antony MutungaBy Antony Mutunga5th August 2025No Comments3 Mins Read
Facebook Twitter WhatsApp Telegram Email
Share
Facebook Twitter WhatsApp Telegram Email

Cybersecurity in Africa has come a long way in the last several years, evolving to a point where now most African organizations are investing more in defenses, rolling out training programs, and adopting new technologies.

However, dangerous blind spots still remain. The real threat isn’t just hackers or weak firewalls; it’s the widening gap between what management thinks their employees know and what they actually understand.

According to the KnowBe4 Africa Human Risk Management Report 2025, many organizations are overestimating their workforce’s cybersecurity readiness while underestimating critical deficiencies in trust, training, and practical application.

The Nairobi Law Monthly September Edition

The report reveals a troubling trend: while 50% of decision-makers rate employee confidence in reporting cyber threats at 4 out of 5, only 43% of employees actually feel confident in recognizing threats such as a phishing email or a malware attack.

Even more concerning, a third of employees believe their training is insufficient. This perception gap extends to role-specific training with 68% of leaders claiming their security awareness training (SAT) is tailored by role, yet only 33% of employees agree, with 16% outright disputing the claim.

According to Anna Collard, SVP of Content Strategy and Evangelist at KnowBe4 Africa, this discrepancy between perception and experience is exactly where human risk thrives. “If leaders don’t correct course, they’re building security strategies on false confidence,” said Collard.

  • Kenya sees surge in cyber threats with 840 million attacks in 3 months

Many organizations are stuck in a cycle of checking boxes, mandatory training sessions, annual phishing tests, and generic security pamphlets, without ever asking: Is this actually working?

Over 40% of companies admit they struggle to measure whether their training leads to real behavioral change. The issue being too many rely on one-size-fits-all programs that don’t account for different risk levels across departments.

For instance, a finance employee handling sensitive transactions needs a different approach than a marketing team member managing social media, yet most training fails to reflect that.

And while larger organizations pour resources into cybersecurity, they’re ironically less confident in their employees’ readiness. The bigger the company, the harder it seems to track whether awareness translates into action.

And as if traditional cybersecurity challenges weren’t enough, a new threat is also rapidly emerging: unregulated AI usage. With nearly half of African organizations still drafting formal AI policies and up to 80% of employees using personal devices for work, the risk of unchecked “shadow AI” is skyrocketing. East Africa has managed to stay ahead of the curve with more proactive AI governance, but more still needs to be done.

The solution isn’t more training but smarter training. Organizations need to move beyond generic lectures and start tailoring programs to real employee behaviors.

That means role-specific simulations, continuous feedback loops, and clear reporting channels so workers know exactly what to do when they spot a threat.

The Nairobi Law Monthly September Edition
cybersecurity
Follow on Facebook Follow on X (Twitter) Follow on WhatsApp
Share. Facebook Twitter WhatsApp Telegram
Antony Mutunga

Antony Mutunga holds a Bachelors degree in Commerce, Finance from Jomo Kenyatta University of Agriculture and Technology. He previously worked for Altic Investment & Consultancy before he joined NBM team in 2015. His interest in writing ranges from business, economics and technology. He is also our lead researcher in matters business.

Related Posts

Kenya’s crypto regulation bill awaits Ruto’s signature

13th October 2025

BBS Mall chairman set to invest Sh65 billion in Tatu City

13th October 2025

CBK lowers rate to 9.25% as lending rebounds strongly

9th October 2025

Kenya Power profit down 18.7% to Sh24bn, pays Sh1 dividend

9th October 2025
Add A Comment

Comments are closed.

The Nairobi Law Monthly September Edition
Latest Posts

Kenya’s crypto regulation bill awaits Ruto’s signature

13th October 2025

BBS Mall chairman set to invest Sh65 billion in Tatu City

13th October 2025

CBK lowers rate to 9.25% as lending rebounds strongly

9th October 2025

Kenya Power profit down 18.7% to Sh24bn, pays Sh1 dividend

9th October 2025

Modern border infrastructure key to realising the AfCFTA dream

6th October 2025
The Nairobi Law Monthly September Edition
Nairobi Business Monthly
Facebook X (Twitter) Instagram LinkedIn
  • About Us
  • Member Content
  • Download Magazine
  • Contact Us
  • Privacy policy
© 2025 NairobiBusinessMonthly. Designed by Okii

Type above and press Enter to search. Press Esc to cancel.