Cybersecurity as a Human Development Priority

The digital revolution is reshaping every facet of society in Southern Africa, from how we communicate and learn to how we trade, govern, and deliver essential services. By 2025, more than 60% of the region’s population will have internet access, and digital platforms are expected to underpin over 40% of GDP growth. Yet, this transformation has also expanded the attack surface for malicious actors who exploit technological vulnerabilities and human behaviours alike.

The cybersecurity landscape in the SADC region has undergone significant evolution over the last five years. Once dominated by opportunistic malware and petty fraud, it is now characterised by highly coordinated, transnational cybercrime networks that specialise in human trafficking, financial deception, infrastructure sabotage, and geopolitical disruption. These threats have real-world consequences: lives are ruined, businesses collapse, essential services are disrupted, and public trust in digital systems erodes.

Importantly, the most devastating impacts of cyber threats are often felt not in the boardrooms of large corporations, but in the homes, schools, and small enterprises that form the backbone of our societies. Children groomed online, job seekers trapped in cyber slavery, and small businesses crippled by ransomware attacks all highlight the human dimension of cybersecurity.

For SADC member states, this presents both a challenge and an opportunity. On one hand, the region’s rapid digitisation risks outpacing its regulatory, legal, and enforcement capacities. On the other hand, SADC has a unique chance to establish a regional model of cybersecurity governance, one rooted in collaboration, inclusivity, and human development.

Mr. Godfrey Kutumela, author of this state of concern and position approach, draws on over two decades of cybersecurity experience and intends this as a call to action. It aims to provide governments, regulators, and policymakers with a clear understanding of the current threat landscape, actionable policy recommendations, and a strategic framework to guide regional cooperation and collaboration.

As a passionate cybersecurity professional emerging from the SADC region and having worked globally on private sector and development missions, I am deeply committed to safeguarding people, businesses, and governments in our increasingly digital society.

1. Human Exploitation and Cyber Trafficking

One of the most alarming emerging threats is the trafficking of individuals into forced cybercrime operations, often referred to as “cyber scam slavery.”

• Global Context: Thousands of people, including South Africans, have been lured to countries such as Cambodia and Myanmar under the pretext of legitimate employment, only to be coerced into operating cyber fraud networks.

• Recruitment Patterns: Evidence, including fraud intelligence shared by one of South Africa’s top five banks, shows that criminals primarily target employed individuals aged 23 to 35. Recruitment is often facilitated through Facebook and WhatsApp, with offers of lucrative overseas jobs requiring only a passport and proficiency in English.

• Impact: Victims are stripped of their freedoms, forced to perpetrate online scams, and subjected to inhumane conditions. This represents not only a cybersecurity issue but a human rights crisis that demands urgent regional and international cooperation.

2. Online Fraud Targeting People, Children, and Businesses

Online fraud has evolved into a highly sophisticated and profitable industry that exploits both technological vulnerabilities and human psychology. Common schemes include:

• E-Commerce Scams: Fraudulent online stores advertise high-demand products like smartphones at below-market prices. Victims pay but never receive their goods.

• Work-from-Home & Employment Scams: Cybercriminals harvest personal data, addresses, and banking details by posing as employers. Some even distribute malware through “application forms” to gain remote access to victims’ devices.

• Employment Fee Scams: Scammers demand small upfront fees (as low as R250) for job interviews or training. When multiplied across thousands of victims, this becomes a highly lucrative operation.

• Investment and “Get-Rich-Quick” Schemes: Fraudsters use social media and messaging apps to promote false investment opportunities, tricking individuals into transferring funds into fraudulent accounts.

These scams exploit trust, economic vulnerability, and digital illiteracy, and they continue to proliferate despite bank warnings and law enforcement efforts.

3. Protecting Children’s Rights and Online Safety

Children are now the primary targets of the digital economy, spending significant time online and engaging with platforms designed to capture their attention and collect their data.

• Exploitation Risks: Malicious actors use games, social platforms, and entertainment apps to groom, manipulate, or exploit children, often without parental knowledge.

• Regulatory Gaps: Current global and regional regulations are insufficient to address how online content is delivered to minors. Children’s consent, privacy, and data rights are routinely overlooked.

• Parental Awareness: Many parents lack the time, tools, or awareness to monitor online activity effectively. Content providers prioritize engagement and profit over safety, placing children at heightened risk.

A multi-stakeholder approach involving governments, platforms, educators, and parents is urgently needed to safeguard children’s digital environments.

4. Business Threats: Ransomware and Contract Fraud

Businesses across the SADC region face growing financial and operational risks from targeted cyberattacks, including:

• Ransomware: These attacks encrypt business data and demand payment, often in cryptocurrency, to restore access. The anonymous nature of digital currencies complicates law enforcement efforts and encourages further attacks.

• Contract Fraud: Criminal actors exploit digital procurement processes by posing as legitimate suppliers, demanding payment in advance for goods or services that are never delivered. Disputes over fraudulent contracts erode trust in virtual business transactions.

These threats not only cause direct financial losses but also undermine confidence in the digital economy, particularly among small and medium-sized enterprises (SMEs).

5. Government and National Security: Critical Infrastructure Attacks

Nation-states and sophisticated cybercriminal groups are increasingly targeting critical infrastructure, including energy grids, water systems, healthcare networks, and public administration platforms.

• Consequences: These attacks can disrupt essential services, threaten public safety, and weaken national resilience.

• Emerging Challenges: The rapid digitization of infrastructure and the integration of artificial intelligence (AI) introduce new vulnerabilities. Issues of AI governance, ethics, safety, and trustworthiness must be addressed proactively.

• Strategic Response: Revisiting and implementing frameworks like the NIST Cybersecurity Framework (CSF) is critical to building resilient systems capable of detecting, responding to, and recovering from such threats.

Call to Action: Reclaiming Our Digital Security Through a Coordinated Human Response

A Necessary Confrontation: The Failure of the Technology-First Approach

We must confront the fundamental failures of our current strategy. For too long, our focus has been dangerously misdirected.

The core problem is straightforward: we are attempting to address a profoundly human challenge with technology alone. Frankly, a critical cause of our current security failures is the ineffective deployment of technology that consistently ignores user behavior and the human element. We remain obsessed with preserving data and systems out of context, neglecting the real, escalating threats facing human beings.

We must recognize that Cybersecurity is not an IT issue; it is a core pillar of human security, economic stability, and societal development.

Before we invest another cent in new solutions, we must first address three foundational, non-negotiable priorities. Without these pillars, no tool, platform, or even AI defense will ever deliver the security we truly need.

The Three Foundational Pillars of Digital Security

1. Human Awareness and Behavior Change

Technology is only as strong as the people who use it. Cybercriminals are masters of social engineering, exploiting curiosity, trust, fear, and greed more effectively than any vulnerability in code. Our first line of defense is not endpoint security, it's empowered individuals. We must invest in continuous education, region-wide awareness campaigns, and foundational digital literacy for every citizen, family, and organization.

2. Policy, Governance, and Accountability

Advanced technology is meaningless without a strong legal and policy framework. Loopholes, weak enforcement, and jurisdictional gaps will always be the weakest link. We require adaptive, intelligence-driven policies that not only protect our citizens but also hold service providers, platforms, and institutions fully accountable for digital safety and resilience.

3. Collaboration and Capacity Building

Cybersecurity is not a solo mission; it is a shared regional responsibility. Governments, the private sector, civil society, and regional bodies, such as the SADC Secretariat, must transition from isolated efforts to coordinated action. This means sharing intelligence immediately, pooling resources, and establishing standard best practices. Furthermore, we must invest in local capacity building to ensure our solutions are contextual, sustainable, and truly resilient.

A Human-Centric Path Forward

Cybercriminals are driven by the monetization of our people, our data, and our collective knowledge. Our counter-strategy must be a human-centric, intelligence-driven approach that integrates these three foundational priorities into the core of every national and regional strategy. Only once these pillars are firmly in place should we consider investing in new technologies, and when we do, those tools must serve the people, not the other way around.

I am committed to advancing this mission, and I believe the SADC Secretariat and its member states have a crucial, unifying role to play. Together, we can build a safer, more resilient digital ecosystem, one that protects human dignity, sustains economic stability, and strengthens the very foundation of our digital society. Let us stop chasing technology that constantly harms our humanity, culture, and society, and start investing in our people.