Cybersecurity toolkits for SMEs – Strengthening the cybercrime defences of Nigerian small businesses

Summary

This project is part of the United Kingdom Foreign, Commonwealth & Development Office (FCDO) commitment to build national cyber security capacity and resilience to cybersecurity threats in five middle-income countries. The UK Government’s Digital Access Programme provides support through: Government-to-Government technical assistance; cyber hygiene training; public awareness-raising; and research. It aims to reduce the impact of cyber harms on their governments, economies and citizens – particularly amongst groups vulnerable to online exploitation.

Details

Aim

To improve Nigerian SMEs knowledge and understanding of cyber threats and to increase cyber resilience and enable them to protect themselves from cyber threats also to the benefit of the Development Agency of Nigeria (SMEDAN), the National Information Technology Development Office (NITDA), and the Office of the National Security Advisor (ONSA).

Context

Small and medium-sized enterprises (SMEs) in Nigeria are critically important to the country’s economy. However, they often have insufficient security measures in place to protect them from the growing threat of cybercrime. Attacks against them can cause significant financial hardship or even force them to stop trading. With SMEs responsible for the majority of Nigerian employment, the impact of successful attacks can be significant. Without a better understanding of cybersecurity threats or access to suitable resources, SMEs are likely to continue without effective controls in place, making them vulnerable to attacks.

Outcomes

• Increased cybersecurity capacity amongst SMEs, with increased awareness of threats.
• Inclusion of the toolkit by the Future Females Business School in their graduation ceremony of over 100 female entrepreneurs from the programme. By October 2022, the toolkit had been accessed 18,596 times.
• SMEs increased cyber controls and cyber hygiene levels across their organisation, invested in cyber protection tools, provided training on good cyber hygiene to their employees and have increased knowledge about how to defend themselves against cyber-attacks and protect consumer data.

Outputs

• A cybersecurity toolkit, developed through consultation with stakeholders including government departments and local NGOs.
• A communications strategy and implementation plan for the dissemination of the toolkit to local NGOs.

To do this, the project team partnered with the UK-based Global Cyber Alliance to develop a free online cybersecurity toolkit. This was tailored to the Nigerian business environment and cyber threat landscape and used relatable, real-life examples. It was accompanied by cyber training for the business owners to help SMEs better understand their current cyber maturity and posture.

The toolkit was made available via the networks of partner organisations such as the Cybersafe Foundation, SMEDAN and ONSA. As well as a pilot and main launch event, train-the-trainer sessions were also held for Nigerian organisations and government departments who support local SMEs. This activity resulted in training being delivered to over 150 business owners, trainers and facilitators in just six months.

Activities

• A pilot launch of the toolkit, with cyber e-learning provided to female-owned SMEs.
• A hybrid main launch event, attended by over 100 delegates.
• Train-the-trainer sessions with ten organisations that support Nigerian SMEs.
• A one-day train-the-trainer workshop delivered with SMEDAN.
• Workshops and conferences to distribute, and raise awareness of, the toolkit among NGOs and SMEs.