Tackling Cybercrime and Building Digital Resilience in Africa with Sharon Knowles

Sharon Knowles on Africa's cybersecurity evolution: tackling unique mobile fraud, cloud risks, and regulatory shifts while building a resilient digital future

Africa's rapid digital transformation is creating a cybersecurity landscape so unique that it cannot be governed by frameworks imported from other regions. This is being tested daily across the continent, where a mobile-first economy, evolving regulatory harmonization, and a stark skills gap collide.

To explore its reality, we spoke with Sharon Knowles, a leading authority at the forefront of this challenge. As the CEO of da Vinci Forensics, she has a front-row seat to the threats targeting African organizations and the innovative resilience being built in response.

Interview with Sharon Knowles

How has the cybersecurity industry in Africa evolved, and what unique trends are emerging?

Cybersecurity has moved from a side topic to a board-level priority across the continent, driven by a sharp rise in online scams, business email compromise, ransomware, and increasingly digital sextortion. Law-enforcement coordination and takedowns have improved, and we are seeing more structured threat reporting and joint operations across multiple countries.

Cloud adoption has accelerated, helped by local hyperscale regions in South Africa, which are lifting expectations around resilience, data residency, and incident response. Mobile-first economies create unique exposure, for example, SIM-swap fraud and social engineering around mobile money, so operators are rolling out fraud-fighting APIs and more evolved verification services.

What are the biggest challenges for organizations?

Skills scarcity remains the number one constraint, followed by budget pressure and legacy infrastructure that is hard to secure at scale. Fragmented regulation and uneven enforcement create compliance complexity for companies that operate across borders, although the situation is improving as data protection authorities mature.

Persistent social-engineering attacks, BEC (business email compromise) in particular, and basic hygiene gaps around identity, email security, and backups continue to drive incidents.

Which sectors are driving demand for cybersecurity solutions?

Financial services and telecoms are leading, due to regulatory pressure and the sheer volume of digital transactions, with governments close behind as e-services expand. Critical infrastructure, mining and utilities, healthcare, and high-growth e-commerce and fintech start-ups are also investing, helped by the availability of local cloud regions from Microsoft Azure, AWS, and Google Cloud in South Africa.

How are African governments approaching regulation, and what is the impact on business?

Most countries now have either cybercrime or data protection laws, and there is a push to harmonise, for example, via the African Union’s Malabo Convention that entered into force in June 2023. The AfCFTA Digital Trade Protocol, adopted in 2024 with annexes advancing in 2025, is nudging toward common rules for data flows, online safety, and digital trade, which should reduce cross-border compliance friction over time.

National regulators are becoming more assertive, with South Africa’s Information Regulator issuing enforcement notices and rolling out a breach-reporting portal, Kenya’s ODPC increasing fines and corrective orders, and Nigeria’s NDPC launching sector-wide investigations. Businesses feel the pressure; however, clearer expectations are helping executive teams justify investment in controls and governance.

What role do funding and investment play in start-up growth and innovation hubs?

Venture funding dipped then stabilised, and Africa’s big four ecosystems, Nigeria, South Africa, Kenya, and Egypt, continue to attract most capital. Initiatives from Smart Africa, the AfCFTA digital agenda, and development financiers are also supporting capacity building, standards, and national CERT capability, which creates demand signals for local cyber start-ups.

Overall, funding is still modest relative to need, yet there is a healthier pipeline of security products around fraud prevention, identity, and threat intelligence tailored to African realities.

Looking ahead, what opportunities and risks will define the future?

Opportunities include securing rapid cloud and AI adoption, building regional SOC and CSIRT capacity, and embedding fraud-resistant digital identity into public and financial services. Risks include continued social engineering at scale, ransomware targeting essential services, third-party and telecom supply-chain exposure, and widening skills gaps if training does not keep pace. Ongoing regional cooperation, shared playbooks, and clearer cross-border data rules will be the difference between reactive firefighting and sustainable cyber resilience on the continent.

Africa is at a crossroads. On one side, we face increasingly sophisticated cybercriminals exploiting gaps in awareness and regulation. On the other hand, we have enormous opportunities to build resilient digital economies if we invest in people, processes, and technology. The countries that prioritise collaboration, skills development, and responsible innovation will lead the way in shaping a secure digital future for the continent.