By 
By Hamid Maher, Kevin Huard, Hakim Hamane, Younes Zrikem of Boston Consulting Group
The digital age has brought unparalleled opportunities for innovation, connectivity, and economic growth. At the same time, it has also introduced a growing array of cyber threats that challenge the resilience of organisations, governments, and individuals worldwide.
RELATED: Cybersecurity Trends 2024-2025: Ransomware, scams, and anti-piracy wins in Africa
The 2024 Cybersecurity Workforce Report by Boston Consulting Group (BCG) and the Global Cybersecurity Forum (GCF) highlights a critical global shortage in the cybersecurity workforce—2.8 million positions remain unfilled despite the industry expanding to 7.1 million professionals.
Hamid Maher
This gap is particularly stark in Africa, where fewer than 300,000 cybersecurity professionals must protect one of the world’s fastest-growing digital ecosystems. Addressing this talent deficit is not just a workforce issue, it’s a national security and economic imperative.
The scale of the challenge
Globally, cyberattack costs have surpassed $2.2 trillion, with threat actors increasingly leveraging AI for sophisticated attacks—from automated phishing to vulnerability scanning. While the financial burden of cyber threats has multiplied by five in the last five years and the sophistication of attacks has increased just as much, the actual cost of executing a cyberattack has decreased due to the proliferation of readily available tools and resources for hackers.
Nearly 60% of cybersecurity leaders now see AI as a top threat vector. The workforce must evolve as fast as the adversaries—armed with deeper skills and more adaptive capabilities. And a cyber culture needs to be anchored across the organisation, as it is not only a technological challenge: 77% cyberattacks are due to human failures, people and processes rather than technology.
In this context, one of the most attacked continents in the world (+60% versus average) is Africa, where digital transformation is accelerating, quickly expanding the threat surface. Africa is also the most vulnerable, especially due to the shortage of tech talent. The report notes Africa’s cybersecurity workforce gap—currently 23% or about 68,000 roles—is a bottleneck to digital resilience.
Recent high-profile incidents have brought the issue into sharp focus in many African countries.
Cyberattacks on governmental agencies in Morocco, on an airline in South Africa and on an eCitizen platform in Kenya highlight the rise in cybersecurity incidents, the risks involved, and reinforce the need to be prepared and take action.
Root causes of the workforce gap
Africa’s cybersecurity talent gap stems from a mix of structural and educational constraints. The most pressing issue is the lack of job-ready skills. BCG’s report, Africa’s Opportunity in Digital Skills, found that only 11% of tertiary graduates on the continent have received formal digital training, despite the digital economy being projected to reach $180 billion by 2025. With over 650 million Africans expected to need digital upskilling by 2030, this presents a critical challenge—and a remarkable opportunity.
Also notable is the persistent underrepresentation of women, who make up just 13.5% of the cybersecurity workforce in Africa—the lowest share globally. This lack of diversity limits innovation and shrinks the talent pool at a time when expansion is urgent.
The limited availability of specialised training and infrastructure compounds the issue. While private boot camps and digital literacy initiatives are growing, they are not yet operating at the scale needed to transform the workforce.
Strategies for bridging the gap
Addressing these issues requires coordinated, forward-thinking strategies.
BCG’s Winning the Tech Race in Africa offers useful lessons: digital-native African companies are demonstrating how agile, user-centric approaches and proactive talent development can drive rapid growth. Their success depends on attracting diverse talent and cultivating skillsets aligned with innovation. The same mindset must now be applied to the cybersecurity space.
According to the 2024 Cybersecurity Workforce Report, five levers are essential:
- Skills-based hiring: Traditional models overemphasise credentials. Skills-based approaches enable organisations to find hidden talent with the aptitude and mindset to grow into cybersecurity roles.
- Continuous learning ecosystems: With 60% of organisations citing technology change as a major challenge, continuous upskilling is non-negotiable. Partnerships between governments, businesses, and academia are vital in scaling digital training. The need is even more acute in Africa, where the educational infrastructure must evolve rapidly to meet rising demand.
- Inclusive talent development: Empowering underrepresented groups—especially women—is essential. Initiatives like SheHacks Kenya demonstrate how dedicated platforms can close both gender and skills gaps.
- Responsible use of AI: While AI accelerates threats, it can also augment defenders. Used strategically, AI can automate lower-level tasks, freeing up human talent for more complex, judgment-based work.
- Regional collaboration: Africa’s digital risk landscape knows no borders. As outlined in the African Union Malabo Convention, collective policy alignment and shared investment in cybersecurity standards can significantly strengthen resilience across the continent.
In Morocco and across the continent, more can be done to promote a career in cybersecurity through industry job fairs, government initiatives and by highlighting success stories. Developing apprenticeship opportunities can bridge the cybersecurity skills gap by providing hands-on experience, industry-specific training, mentorship, and creating a local talent pipeline. For example, South Africa and Kenya have shown progress with cybersecurity apprenticeships. Success stems from industry partnerships and government support.
Importantly, BCG’s What Cybersecurity Leaders Get Right shows that the most mature organisations treat cybersecurity as a business-wide concern, not just an IT problem. These leaders embed cyber strategy into their operating models, prioritise governance, and foster communication between tech and non-tech functions.
The role of leadership in driving change
Rebalancing the cybersecurity talent equation will require bold, strategic leadership. In Africa, public and private sector leaders must align on a long-term plan to scale cybersecurity talent pipelines.
Leadership must also translate ambition into execution—through national skills strategies, targeted incentives, and investment in training infrastructure.
For example, Estonia developed a strong cyber talent pool through comprehensive education, government support, active public-private sector collaboration, and by fostering a growing tech ecosystem. Its proactive approach to cybersecurity and digitalisation has led to enhanced national security, thriving startups, robust cybersecurity infrastructure, and international recognition in tech innovation.
A vision for the future
The cybersecurity talent shortage is a solvable challenge. Africa stands at a digital crossroads. With strategic leadership, inclusive hiring, and cross-sector collaboration, the continent can develop a resilient, future-ready workforce equipped to protect its digital infrastructure.
The threats are intensifying—but so is Africa’s potential to lead. If we act now, we can transform this challenge into a competitive advantage, creating a safer, more prosperous digital future for the continent and the world.
