2025-12-06 –, Track 1
Africa is huge and complex place, with over 50 countries and more than 2,000 spoken languages - from Arabic and Swahili to Hausa and Zulu. It's also evolving, with technology impacting countries and their people in dramatic ways. All of this has significant implications for cybercrime and cybersecurity.
But is cybersecurity in Africa as unique as the continent itself, or does globalised technology imply globalised vulnerabilities and threats?
This talk presents the findings from a study of over 300 security incidents on the continent from the last five years, and uses a novel framework to surface a wholistic and comprehensive view of the scope and shape of cybersecurity on the African continent.
During 2025 I spent several weeks studying the state of cyber security in Africa. Yes - "Africa". To develop a comprehensive view of security across all 55 countries on the continent I conducted a comprehensive review of prior reporting on the topic. But existing data on security in Africa turns out to be very disappointing, so I chose to study objective public reporting of security incidents over the past five years.
To address the scale and diversity of the continent without reducing it to simplistic regional classifications, I created a novel framework for grouping countries by the convergence of their technology and cybersecurity maturity levels. The “Cyber / ICT Maturity Matrix” enables one to think of groups of countries based on how mature they are in terms of IT and cybersecurity, rather than where they happen to fall geographically.
Using the maturity matrix, I can then develop a comprehensive view on where and how cybersecurity incidents are impacting organisations in Africa. The results are sometimes predictable, sometimes surprising, and hopefully always insightful.
In this talk I start by describing the state of reporting on security in Africa, using examples to illustrate just how woeful it sometimes is. Next I describe the decision I took to focus on incident reporting, and the novel method I developed for classifying African countries by their shared characteristics, rather than their relative location. I reveal the insights that this approach reveals, and use fascinating contemporary examples as illustrations.
Finally, this approach allows me to comment on the question - "Is cybersecurity in Africa different to elsewhere in the world and - if so - how"?
Hello! My name is Charl. I'm a South African based in Cape Town, but I work for Orange Cyberdefense in Paris as their global head for security research. I lead an international, cross-disciplinary team of researchers who produce security intelligence and research in support of Orange's various efforts in the cybersecurity space.
Many years back I was a co-founder of penetration testing firm SensePost, but I've also lead teams of trainers, vulnerability management, threat detection and more.
I write and speak frequently on various topics in security, including at some of the major security conferences world-wide, but connecting with my peers in ZA is always my favourite!