In 2023, I started a project aimed at sourcing and analysing Cyber attacks across Africa. The primary objective was to understand attack patterns within the region and leverage these insights to build actionable threat intelligence. However, an issue I faced was the limited availability of reliable data, largely due to the underreporting of Cyber incidents across many African countries.
This raises questions about transparency and regulatory enforcement. Using Nigeria as an example, I understand that there is a regulation mandating organizations to report cyber attacks but I am not certain about it’s enforcement and awareness.
This lack of visibility creates a big concern: How can organisations, government and security professionals learn from past incidents if they are not adequately reported?
Alternatively, does this underreporting suggest that our systems and infrastructure are highly secure, or does it point to gaps in disclosure, and accountability?