Exposé Reveals Significant Misconception in African Preparedness Against Cyber threats
KnowBe4 Africa Human Risk Management Report 2025 Reveals Mismatch in Organisational Cybersecurity
The KnowBe4 Africa Human Risk Management Report 2025 has highlighted a significant disconnect between employer perceptions and employee experiences of organisational cybersecurity in key African industries. While employers rate employee cybersecurity awareness highly (4 out of 5 or higher), only about 10% of cybersecurity leaders are fully confident that staff would report phishing attacks or other threats [1][2][3].
Key findings from the report include: - Overestimation by employers of employee readiness to identify and report cyber threats, despite high self-assessed awareness ratings. - Misaligned cybersecurity structures and preparedness in growing industries, which are not aligned with the secure behaviour needed to effectively mitigate risks.
This misalignment creates vulnerabilities, as employees may not act as expected during cyber threat incidents, reducing organisational resilience.
To address this issue, the report recommends: - Enhancing communication and training to ensure employees truly understand, recognise, and report cyber threats. - Developing and implementing more effective human risk management programs that align organisational policies with employee behaviours and realities. - Increasing focus on creating a security culture that motivates and enables employees to act securely, not just raising awareness levels superficially.
These insights underscore the importance for African industries to bridge the gap between cyber awareness and actual secure behaviour to strengthen their cybersecurity posture and reduce financial and reputational risks [1][2].
The report also emphasises the need for adaptive and personalised security awareness training as a key to effectively changing behaviour and addressing the perception gap between decision-makers and general employees. Furthermore, it highlights the importance of establishing clear AI governance to mitigate the risks associated with the widespread use of AI in the workplace.
The report captures insights from cybersecurity decision-makers across 30 African countries, revealing that Southern Africa trains more, East Africa governs AI better, and West/Central Africa sees the most human-related security incidents. Additionally, the data shows that confidence in employees' ability to act on cybersecurity awareness is lower in larger organisations compared to smaller ones.
Many organisations are still in the process of developing policies for using AI tools in the workplace, which can create security vulnerabilities if not properly managed. The report suggests the development of a roadmap for turning awareness into action, including role-specific training, measurable outcomes, AI policy development, and better reporting structures.
The report also shows that many organisations only conduct annual or biannual training that is too generic to effectively change behaviour, contributing to uncertainty about its effectiveness. A large percentage of employees (between 41% and 80%) use their personal devices for work, introducing security risks as personal devices may not have adequate security measures.
In conclusion, the KnowBe4 Africa Human Risk Management Report 2025 offers valuable insights into the current state of organisational cybersecurity in Africa and provides recommendations for improving employee awareness and behaviour, ultimately strengthening cybersecurity postures and reducing risks.
[1] KnowBe4. (2025). Africa Human Risk Management Report 2025. Retrieved from https://www.knowbe4.com/resources/reports/africa-human-risk-management-report-2025
[2] KnowBe4. (2025). Press Release: KnowBe4 Africa Human Risk Management Report 2025 Reveals Paradox in African Cybersecurity. Retrieved from https://www.knowbe4.com/press-releases/knowbe4-africa-human-risk-management-report-2025-reveals-paradox-in-african-cybersecurity
[3] KnowBe4. (2025). Infographic: Africa Human Risk Management Report 2025. Retrieved from https://www.knowbe4.com/resources/infographics/africa-human-risk-management-report-2025
