Internal auditors have been advised to adopt and implement the necessary measures to audit IT systems as part of their organisation’s cybersecurity measures.

This was said by the Head of National Cyber Security Centre (NCSC), Dr Albert Antwi-Boasiako, in a presentation at the Ghana 2021 Annual National Internal Audit & Governance Conference on June 9, 2021, held virtually in Accra.

Dr Antwi-Boasiako stressed that, in view of the current digitalisation of business processes, Auditors need to develop the necessary competencies to conduct a system-based audit as part of internal audit functions. Dr Antwi-Boasiako urged institutions to have procedures in place to examine the Information Technology (IT) systems introduced into their operational environment and to verify that such systems are secured. He added that they should also ensure that consultants they work with have not only the necessary skills but also integrity to protect their IT systems. This advice was necessitated in view of reported cybersecurity incidents involving insiders and external consultants.

The Head of the NCSC further informed participants that the State, as the enabler of cybersecurity development, is taking the necessary measures to ensure the safety of Ghana’s cyber ecosystem. He mentioned the institutionalisation of cybersecurity, the development and adoption of a National Cybersecurity Policy & Strategy and the passage of the Cybersecurity Act, 2020 (Act 1038) as the enabling pillars to improve the cybersecurity readiness of the country.

In response to a question on why only a few cybercrimes are investigated, Dr Antwi- Boasiako revealed that due to the borderless and technical nature of cybercrimes, only about 25 per cent of incidents are successfully investigated and prosecuted, even by wealthy countries with adequate resources for law enforcement.

He added further that, according to the World Economic Forum, Global Risks Report 2020, cybercrime is expected to reach US$ 6 trillion in 2021. The report further indicates that cyber-attacks on critical infrastructure rated the fifth top risk in 2020. This development, therefore, calls for domestic and international corporations to ensure cybersecurity in the country, especially as Ghana continues to rely on technologies that are produced or hosted in other jurisdictions. Dr Antwi-Boasiako raised concerns about the impact of potential attack on the global IT supply chain on Ghana, especially regarding critical information infrastructures in the banking, telecommunication, energy and health sectors.

Commenting on efforts to ensure cybersecurity in the country, he said Ghana has enacted the necessary legislation in the form of the Cybersecurity Act 2020, Act 1038, which will establish the Cyber Security Authority, regulate cybersecurity activities and promote the development of cybersecurity in the country. He stated further that the National Cybersecurity Policy and Strategy document is currently undergoing ministerial review before it is considered by Cabinet. He assured participants that the Minister for Communications & Digitalisation, who is responsible for cybersecurity in Government, will soon outline a number of interventions to protect Ghana’s critical information infrastructures.

Dr Antwi-Boasiako indicated that the Government has shown commitment in a number of ways towards improving Ghana’s cybersecurity readiness and anticipated that the newly established Cyber Security Authority would adopt an incentive-based regulatory approach to facilitate collaboration among relevant stakeholders – both governmental and non-governmental actors - regarding the implementation of the Cybersecurity Act.