News

“It is anticipated that, starting January 2023, a business, a firm or an individual will not be able to offer cybersecurity services unless the entity or the individual is licensed or accredited by the Cyber Security Authority (CSA)”. This was said by the Ag. Director-General of the CSA, Dr. Albert Antwi-Boasiako at the Media Launch of the annual Cyber Security Awareness Month in Accra on September 14, 2022.

Dr. Antwi-Boasiako indicated that the proliferation of cyber-attacks targeting individuals, businesses and critical infrastructure has made regulatory compliance one of the most effective and reliable strategies to mitigate cyber risks within the industry globally. “In this regard, the implementation of cybersecurity regulations is imperative to deal with both existing and emerging cyber threats which have the potential to undermine the digital dividends expected from our digital economy.”

He indicated that, the Cybersecurity Act, 2020 (Act 1038) provides the regulatory framework to promote cybersecurity development in the country and that the Cyber Security Authority (CSA) has commenced a number of regulatory activities including the protection of Critical Information Infrastructures, pursuant to Section 35 to 40 of Act 1038; licensing of Cybersecurity Service Providers pursuant to Sections of 49 to 56 and regulations on cybersecurity incident reporting and response, pursuant to Sections 41 to 48 of the Cybersecurity Act, 2022.

In addition, designated Critical Information Infrastructure Owners shall be subjected to mandatory audit and compliance checks against the Directive for the Protection of Critical Information Infrastructures which was adopted on October 1, 2021. These are part of the new regulations and measures being implemented pursuant to the Cybersecurity Act, 2020.

According to the Director-General, collaborative regulations hold the key to bring both the public and private sector stakeholders together towards achieving a secure and resilient digital Ghana and hence the NCSAM 2022 celebrations will take place from October 1-31, 2022 under the theme: Regulating Cybersecurity: A Public-Private Sector Collaborative Approach”. “The Authority will engage with stakeholders including public consultations for inputs into the various regulations which are expected to take full effect starting January 2023.”

He urged all stakeholders to participate fully in awareness month events for an effective outcome whilst calling on the private sector, faith-based organisations, academia and Civil Society Organisations, the entire public and the media to use the period to educate their members on cybersecurity.