CyberSafe Foundation has unveiled Resilio Africa, a three-year cybersecurity resilience project designed to reduce growing cyberattack risks facing institutions and communities across Sub-Saharan Africa.
Speaking during the launch in Lagos, the Founder and Executive Director of CyberSafe Foundation, Confidence Staveley, said the initiative will strengthen 200 Critical Community Institutions across Nigeria, Kenya, Ghana, and South Africa.
The project aims to protect more than 2 million people and secure over 15 million public records in the four countries.
Backed by Google.org, Resilio Africa will provide participating institutions with free technical tools, cybersecurity assessments, threat intelligence, and incident response frameworks to improve their ability to prevent, detect, and respond to cyber threats.
What they are saying
Staveley explained that many Critical Community Institutions operate with outdated or unpatched systems, limited security budgets, and little or no dedicated technical staff.
Beyond visible gaps, she identified deeper structural weaknesses, including limited cyber-risk quantification, rare incident response exercises, insufficient investment in business continuity planning, fragmented security policies, and weak integration between cybersecurity and broader digital transformation efforts.
- “The result is that many organisations can detect threats, but far fewer can respond quickly, reduce impact, or maintain operations during sustained attacks,” she said, noting that public and nonprofit institutions are among the hardest hit.
While awareness of cyber risks is growing across the continent, Staveley said action often stalls at the point where financial commitments are required.
- “In Africa, we are not lacking in general awareness that we have cyber risk issues. What happens is that the conversation drops off where it gets to the point of taking action,” she said.
According to her, the hesitation is driven not only by a lack of will but also by limited financial capacity.
- “One of the major reasons we’ve seen with that is not the lack of will only. It’s also the lack of will caused by the lack of financial budgets to cover the cost of doing that,” she added.
To bridge this gap, Resilio Africa will deliver 10,000 consulting hours from cybersecurity experts across the four countries at no cost to participating institutions.
Staveley said the value of the services, if billed commercially, would exceed one million dollars.
- “That is all being provided by the best of experts in those four countries for free. And that’s what Google.org has helped us offset,” she said, reaffirming that CyberSafe Foundation remains a not-for-profit organisation focused on supporting vulnerable communities and institutions.
More insights
Staveley said the project comes at a time when Sub-Saharan Africa is experiencing some of the most aggressive cyber activity globally.
Citing a recent Kaspersky threat report, she noted that the region recorded over 42 million web attacks and 95 million malware-based on-device attacks in the first half of 2025 alone.
- “What’s especially concerning is the nature of these attacks,” she said, pointing to the dominance of spyware, password stealers, and backdoor tools.
According to her, password-stealing malware has increased by more than 60 percent, underscoring the growing sophistication of threat actors.
In East Africa, the scale of the challenge is even more pronounced. Kenya recorded 2.5 billion cyber-threat events in the first quarter of 2025, driven largely by phishing campaigns, mobile money fraud, and misconfigured cloud services.
- “These are not abstract numbers. They directly affect institutions that people rely on every day,” Staveley said.
What you should know
The launch of Resilio Africa comes at a time when the Nigerian government is also making moves to address the country’s cybersecurity challenge with a new framework.
- Nairametrics reported that the government plans to roll out a new cybersecurity framework this year to curb rising AI-driven cyberattacks on banks, businesses and government agencies.
- According to the Director-General of the National Information Technology Development Agency, Kashifu Inuwa, the cybersecurity framework, expected to be implemented later this year, will require organisations operating in Nigeria to meet minimum cybersecurity spending thresholds.
He said many companies currently underinvest in cybersecurity because they assume they are unlikely targets.
The framework will also introduce mandatory timelines for reporting data breaches, systems for sharing threat intelligence between the public and private sectors, and coordinated response protocols for major cyber incidents.
