Report: Differences in Security Priorities in Kenya, Nigeria and South Africa

A report by KnowBe4 shows that ransomware, malware and phishing are generally seen as threats, though this changes considerably at a granular level

As is often said, Africa is not a country – and few things bring this fact home more than KnowBe4’s African edition of its annual What Keeps You up at Night Report. The 2020 edition, now available, conducted surveys in 18 African countries, asking more than 500 organisations about their concerns across a variety of security topics.

Additionally, the report provides specific survey details on the three Sub-Saharan giants: Kenya, Nigeria and South Africa. These snapshots are surprising in their variations as well as overlaps – what concerns one of the economic powerhouses is not necessarily a priority for the others, and it’s an eye-opener around Africa’s diverse security challenges.

“It’s a known fact that African countries and organisations are being targeted more actively by cybercriminals, to the level that it’s one of the fastest-growing regions in terms of cybercrime. But when you get down to the specifics, the differences between the survey’s continental averages and its three biggest Sub-Saharan economies are quite striking.”

Anna Collard, SVP of Content Strategy and Evangelist KnowBe4 Africa

The three respective appendices of the report make for captivating reading. Spread across six main categories – cyber threats, compliance security, security initiatives, users, resources, and executive issues – here is a snapshot for each country:


In general, Kenya is split on the priorities of security threats such as phishing and ransomware. On average, at least half of organisations don’t regard these and other threats as more than somewhat concerning – considerably lower than the continental totals. But that also means that the other half of the organisations rank such threats as very concerning, with 31% saying they are kept awake at night by the possibility of business email compromise.  

Kenya’s concerns over security initiatives mirror the continent’s worries – 46% are kept awake at night about security awareness training and supply chain security, respectively. In contrast, the country is not as concerned about different user security issues – African averages lean more towards extreme concerns, yet Kenya’s focus tends to split between somewhat and very concerned.


Nigeria is the clear outlier in security matters, taking some very different views on what to be concerned about. On the one hand, no country is more worried about ransomware: 59% of Nigerian companies say this keeps them up at night, though 40% are only somewhat concerned. Malware attracts a similar split. Yet 74% of Nigerian companies are only somewhat concerned about data breaches.

They are not worried much about security initiatives. Only multi-factor authentication truly keeps them awake at night (74%), with the next massive concern, identity management, sits at 27%. Here’s the kicker: 89% of organisations there are not at all concerned about security awareness training. When user risks do surface, two types of users solicit similar levels of security concerns – remote workers (67%) and negligent workers (41%). Eighty-seven percent of Nigerian companies are somewhat concerned about malicious insiders, and 69% about password sharing.

South Africa

Attitudes in South Africa align closely with the continent’s averages, though there are some differences. While other countries tend to worry most about ransomware, South African organisations rank phishing as extremely (46%) and very (35%) concerning. Malware and business email compromise reflect similar levels of worry – and though ransomware is lower than these categories, at 50%, it’s the threat keeping most businesses awake at night.

South African views around security initiatives almost mirror those of Kenya: 46% are extremely concerned about security awareness training and supply chain security. Thirty-eight percent are also being kept awake by privileged access management, incident response, securing the cloud, and multi-factor authentication. Remote workers keep 57% of South African companies up at night, while negligent insiders (44%) and users sharing passwords (41%) are not far behind.

More News