By the DRAA Team |
The world moves towards unprecedented digital transformation, this is creating remarkable gains as a great equalizer, that is also transforming human life globally. Yet, it also poses some serious risks and threats by perpetuating biases, cyberattacks, and digital divides especially amongst the most vulnerable communities.
Cyberattacks are an intentional ‘attempt to gain unauthorized access to a computer network, computer system, or digital device’ aimed ‘to steal, expose, alter, disable, or destroy data, applications, or other assets.’ Attackers are propelled by varied motives to inflict the attacks such as malware, social engineering, man-in-the-middle (MITM), and denial of service (DoS) attacks. The implications of these attacks are diverse and detrimental, and among others include financial losses, human rights breaches , as well as erosion of peaceand security.
The African digital landscape is experiencing a remarkable transformation despite the increasing risks of cyberthreats and attacks. In 2022, Statista reported that there were about 570 million internet users. This, inter alia, is catalysed by increasing mobile technology and investment in internet infrastructure.
Despite this, Statista noted a staggering internet penetration rate which in 2022 stood at 43 % as compared to the global average levels at 68%. Moreover, INTERPOL’s 2023 report identified cyberthreats in the continent such as business email compromise, ransomware, phishing, banking trojans and stealers, online scams, cyber extortion, and crimeware-as-a-service (CaaS).
In 2023, the Information Network Security Administration (INSA) reported to have thwarted almost all of the cyberattacks (more than 6, 700) attempted during the 2022/2023 fiscal year. The most critical forms of attacks included website attacks, DDOS, and malware. The International Telecommunication Union’s (ITU) 2024 Global Cybersecurity Index (GCI) rated the country’s commitment towards cybersecurity at Tier 3 in light of its legal, technical, organizational, capacity development, and cooperation pillars labeled as ‘Establishing.’
According to Data Reportal, the country hosts an estimated total population of 134 million, out of which 49.9% are female, 76.1% dwell in rural areas, and 28.6 million are internet users representing an internet penetration of 21.3% in the country. With this statistical characterisation, there is a need for deliberate resource based arrangements by the government to ensure that local laws, institutional and infrastructural measures adequately, effectively and equitably promote inclusive, universal and secure access to digital services by citizens.
Notwithstanding the cyber-attacks, Ethiopia has several legal and policy frameworks that seek to address cybersecurity related matters. The country has a Personal Data Proclamation (Pro No. 1321/2024) which seeks to realise a robust data protection framework to prevent violations, ensure need-based services for users, while building effective responses to data breaches, and the culture of responsible data processing. The Digital Identification Proclamation (Pro No. 1284/ 2023) aims to ensure ‘resident’s right to be identified, enhances the ability to exercise other rights, improves trust between service providers and residents, [and] creates a nationwide enabling environment to ensure transparency, accountability and efficiency.’ The Electronic Transactions Proclamation (Pro No. 1205/ 2020) provides a framework for ‘a more secure legal environment’ for electronic transactions by citizens, private entities, and public actors. The Computer Crime Proclamation (Pro No. 958/2016) incorporates legal mechanisms aimed to ‘prevent, control, investigate and prosecute the suspects of computer crimes.’ Additionally, the Telecom Fraud Offense Proclamation (Pro No. 761/2012), recognizing the increase and wide-spread of telecom fraud, and its dire implications, establishes legal provisions to prevent and control the crime. Lastly, the Media Proclamation (Pro 1238/2021) establishes the obligation of online media on safeguarding content from encouraging prohibited acts such as cyberbullying, protecting the data of users, and obtaining their explicit consent for third party use, as well as abiding by electronic transaction laws.
In addition, the country also has a National Cybersecurity Policy (2024) which is premised on identifying national cybersecurity resilience and the protection of citizen’s human and democratic rights and freedoms in cybersecurity schemes. It also provides a framework for robust partnerships and collaboration, promotion of local technological capabilities, and public awareness. The recently concluded Digital Ethiopia 2025 Strategy,on the other hand, highlights the vitality of cybersecurity for safe and secure digital services for citizens. Most recently, the Ethiopian Government adopted the Digital Ethiopia 2030 Strategy. The Strategy, among other things, aims to empower people and institutions via digital literacy, data-driven decision-making and innovative public institutions, accelerate inclusive digital economic growth, achieve universal digital access, and advance the country’s competitiveness vis-a-vis digital foreign direct investment (FDI). Ethiopia has also recently launched the National Digital Payments Strategy (2026-2030) which envisions an ‘…inclusive, trusted, integrated, and responsibly innovative…’ digital ecosystem in the country.
These legal and policy framework developments are complemented by, among others, the Ethiopian Cyber Emergency Response Team (ETHIO-CERT) which, under the INSA, undertakes the mission of ensuring cybersecurity vis-a-vis local digital infrastructures and deliberation on key stakeholders collaboration for the realisation of a robust and resilient digital ecosystem in the country. Ethiopia and INTERPOL have further restated their joint commitments towards combating transnational crimes, including cybercrimes. Ethiopia is also involved in the Eastern Africa Standby Force (EASF).
These legal and institutional progresses, ought to, address concerns regarding legal loopholes, digital infrastructure, and literacy, as well as Technology-facilitated gender-based violence (TFGBV) which is leading to dire consequences against women and girls in the country. The adversities of the latter are particularly worsened in cases of women human rights advocates who, inter alia, face harassment when they advocate against TFGBV and other forms of GBV.
The spike in cyber threats and attacks calls for robust state preparedness and multi-stakeholder collaboration in efforts to counter the vices. As part of these, there is also need for African member states to expedite the integration of the African Union (AU) Digital Transformation Strategy for Africa (2020-2030), (Malabo) Convention on Cyber Security and Personal Data Protection (2014), AU Data Policy Framework (2022), African Digital Compact (2024), and the Common African Position (CAP) on the Application of International Law in Cyberspace in their national cybersecurity laws. These key legal frameworks, read together, affirm commitments towards legal harmonization and adherence to key global international legal standards on data governance and digital transformation such as those laid in the Budapest Convention on Cybercrime (2001).
While recognizing the immense opportunities which come along with digital advancements, the realization of the strategic initiatives as well as a robust cybersecurity governance in Ethiopia thus calls for a human right- centered, coherent, and well-synchronized approach in the implementation of laws. The laws should also be aligned with regional and international standards with a backing of effective institutional and inter-institutional coordination, multi-stakeholder collaboration at all levels, digital literacy and capacity building. There is also the need to embed the gender-transformative approach to cybersecurity programming to effectively capture, counter, and transform deeply rooted norms and values which continue to perpetuate gender inequality. Such should be the basis for the promotion of the digital rights and freedoms of all Ethiopian citizens and redress of common challenges faced by the most vulnerable groups in the country.