A critical shortage of cyber security talent is placing African financial institutions at growing risk as cyber attacks intensify, says Doros Hadjizenonos, regional director at Fortinet South Africa.
Citing the 2024 African Financial Industry Barometer by the Africa Financial Industry Summit and Deloitte, Hadjizenonos notes that 59% of institutions view cyber crime as a major threat.
According to the Fortinet 2024 Cybersecurity Skills Gap Global Research Report, 70% of global respondents believe the cyber security skills gap increases their risk, with over half of employees lacking basic security awareness.
In the EMEA region, 54% of organisations reported that cyber security breaches in 2023 cost them more than $1 million (about R17.7 million) in damages, and 51% attributed those breaches to a lack of cyber security skills and training.
Moreover, 58% of security leaders say human error due to lack of cyber security awareness is still the leading cause of serious breaches globally, and this mirrors Fortinet’s South African observations.
“This often stems from limited personnel and budget constraints,” Hadjizenonos says. “The skills gap leaves banks vulnerable, especially as they expand digital services to reach unbanked populations.”
Skills demand
Demand for skilled IT professionals has surged with the digitalisation of banking. A 2024 study by Nelson Mandela University’s STEP Research Group found a significant shortage of technical roles across SA, including data scientists and system engineers.
The situation is worsened by a “brain drain”, particularly from SA and Nigeria, as IT professionals seek better opportunities abroad, driving up salaries and reducing the local talent pool.
Financial inclusion efforts across Africa are also under scrutiny. The continent leads in mobile money adoption, but expanded digital footprints bring heightened security risks. Each new digital channel opens another attack vector, increasing the complexity of defence.
“Cyber attacks erode trust in digital services – particularly among the unbanked – making security essential to financial inclusion,” Hadjizenonos adds.
While investment in cyber security infrastructure is growing among African financial institutions, the commitment to cyber security training still lags. Many institutions allocate significant budget towards technology acquisition (such as firewalls or endpoint protection), but fall short on employee readiness.
This is often due to short-term cost considerations and the assumption that technology alone will prevent breaches, Fortinet adds. However, without trained staff, even the most sophisticated systems can be bypassed through human error or social engineering.
Hadjizenonos urges a three-pronged approach: strengthen training and certifications, boost retention with competitive compensation, and invest in cyber security awareness among frontline staff. Additional Fortinet research shows 58% of IT decision-makers cite employee unawareness as a key breach factor.
Banks are also encouraged to partner with cyber security firms and adopt AI-driven tools to compensate for workforce shortages. While AI introduces new risks, it also offers proactive threat detection and automated response capabilities.
Anecdotally, Fortinet observes that 89% of surveyed organisations that do embed ongoing training see a measurable drop in preventable breaches and staff-initiated incidents. Awareness training is not just a best practice – it’s a vital risk mitigation tool.
“The talent gap is serious but solvable,” Hadjizenonos concludes. “With the right strategy, African banks can reduce risk and build a secure, inclusive digital future.”
Share