Southern African Development Community Cybersecurity Maturity Report 2021

Report

2022-03

Permanent link to this Item
Authors
Journal Title
Link to Journal
Journal ISSN
Volume Title
Publisher

Cybersecurity Capacity Centre for Southern Africa (C3SA)

Publisher
Series
Abstract
Cybersecurity has become a priority area in the digital age. The need for well thought-out cybersecurity policies has become even more apparent in a post COVID-19 pandemic world, where the internet is considered a critical resource for almost all aspects of life. Users, organisations, and governments access and offer services and products online and more than ever before. For this reason, there is need to ensure that information and users are safe online. To contribute to having a digital space that promotes the well-being and prosperity of all, it is important for countries to understand their cyber risks, threat, and vulnerability landscape before they can improve on their capacity to deal with cybersecurity. While there are various national and regional reports examining the cybersecurity status of various territories, understandings of regional cybersecurity capacity landscapes are lacking Sub-Saharan Africa. The goal of this study is to evaluate the cybersecurity status of countries in the Southern African Development Community (SADC), and determine the capacity maturity of the region in light of emerging vulnerabilities, threats, and risks. SADC is one of the least explored regions concerning cybersecurity capacity. The study used the Cybersecurity Capacity Maturity Model for Nations (CMM) as an analytical and a benchmarking tool by means of which to evaluate the status of cybersecurity maturity in the region. The granular assessment of the CMM allows for specific regional policy recommendations for the different dimensions of the model with the aim of informing countries, with empirical evidence to take the necessary steps to increase the scale and effectiveness of cybersecurity capacity-building initiatives. This study used both published and unpublished previous CMM assessments conducted by C3SA partners, including the GCSCC, the World Bank, the International Telecommunications Union (ITU), and the Commonwealth Telecommunications Organisations (CTO), which were available at various repositories. In addition, we reviewed other existing metrics and reports on the status of cybersecurity maturity in the region. The reports we reviewed include the NCSI by the e-governance academy foundation, the GCI by the ITU, academic literature such as published papers and grey literature, including regional reports and news articles. To fill any gaps on missing data, subject matter experts were identified and approached to provide more information through semi-structured interviews. The collected data was synthesised according to the relevant dimension for each country, which consequently allowed for a regional analysis based on the five dimensions of the model. Based on these findings, the report makes specific policy recommendations targeted at helping countries in the SADC region to improve their cybersecurity capacity. This report was compiled by C3SA researchers in collaboration with researchers from the GCSCC and NUPI.
Description

Reference:

Collections