By George Kamau

Copyright techtrendske

In Rabat on 17 September 2025, the 6th meeting of the African Network of Cybersecurity Authorities (ANCA) delivered a signal moment: member states unanimously re-elected Ghana as chair for a second term, extending its leadership through what could be a pivotal phase in Africa’s cybersecurity evolution.

That outcome was hardly surprising — Ghana had been the inaugural chair, credited with shepherding the adoption of a constitution and a five-year strategy in ANCA’s early phase. But the practical question now is not whether Ghana leads, but whether it can translate ambition into traction — and whether ANCA as an institution can evolve from a forum into a force.

This feature takes a deeper look: how Ghana got here, what capacity ANCA now has, where the fault lines lie, and what success or failure might look like across the continent’s cybersecurity terrain.

A seat at the table: Origins, mandate, and Ghana’s early push

To understand the significance of Ghana’s re-election, we must see it in context.

ANCA was birthed under the umbrella of Smart Africa as a continental platform for national cybersecurity authorities to coordinate, share intelligence, and amplify Africa’s voice on global cybersecurity policy. Earlier this year, the body adopted its constitution and unveiled a five-year roadmap — key stepping stones from concept to structure.

Morocco has pledged to host a regional Computer Emergency Response Team (CERT) to serve ANCA members, anchoring operational infrastructure in North Africa.

Ghana’s early stewardship already bears symbolic weight. The country’s Cyber Security Authority (CSA) has emphasized that “together, we can transform current challenges into opportunities for a safer cyber ecosystem in Africa.” Recognition followed, with the CSA’s director receiving a continental award for leadership in shaping the network.

That initial term was mostly about laying bricks — constitutions, strategy, securing buy-in — rather than operational wars. The real test begins now.

Who’s at the table: ANCA’s founding members

For now, ANCA is a coalition anchored by a mix of West, North, East, and Central African states. Its official roster includes:

Benin, Burkina Faso, Cameroon, Chad, Congo Republic, Djibouti, Gabon, Ghana, Guinea, Kenya, Morocco, Mozambique, Rwanda, Senegal, Sierra Leone, Togo, and Tunisia.

The composition reflects both heavyweights with established cybersecurity frameworks — Ghana, Kenya, Morocco, Rwanda — and countries still building basic national defenses. That unevenness is precisely what gives the bloc its urgency: without shared standards, vulnerabilities in one jurisdiction can ripple quickly across borders.

Holding the line: why the chair’s role shapes Africa’s cyber future

If Ghana’s second term were just ceremonial, that would be one thing. But the timing suggests it’s more. Several dual pressures converge now:

Rapid threat growth. As Africa’s internet penetration and reliance on digital services rise, so too do vulnerabilities to ransomware, phishing, state-level intrusions, IoT exploits, and cross-border cybercriminal syndicates.
Policy fragmentation. While some African nations have passed cybersecurity laws, enforcement regimes vary widely. In West Africa, for example, legal frameworks often lack the institutional follow-through to prosecute cybercrime effectively.
Global voice and power. From debates at the ITU to norms around digital sovereignty and data localization, Africa needs a coordinated front. ANCA offers a single oratory platform in forums where bilateral representation is weak.
Resourcing and credibility. For ANCA to be effective, it must be more than a meeting place. It needs technical infrastructure, funding, rapid response mechanisms, trust among members — and a credible leader.

In short: the ambition is huge, but failure to deliver could deepen trust deficits and leave Africa even more exposed.

The challenges ahead: From strategy to execution

Diverging national capacities

One of ANCA’s biggest challenges is the disparity among member states. Some nations have well-resourced cybersecurity agencies and CERTs; others are still nascent. Harmonizing expectations, protocols, and standards in that context is difficult.

Funding, autonomy, and incentives

Constitution and strategy documents are one thing; budgets and incentives are another. ANCA will need predictable funding — whether from member states, development partners, or private sector — to hire staff, run operations, maintain infrastructure, and support joint initiatives.

Realizing cross-border collaboration

The ethos of ANCA is cooperation, not competition. Yet when cyberattacks cross borders, jurisdictional, legal, diplomatic, and sovereignty issues intrude. Getting national agencies to trust one another enough to share sensitive indicators or pursue coordinated takedowns is easier said than done.

Measuring performance and accountability

ANCA’s five-year strategy is a plan, but what are the milestones? What does success look like? How will member states’ compliance be measured? These accountability questions must be answered to avoid sliding into “talk shop” territory.

If Ghana’s role is to steer, it must also guard against becoming a gatekeeper. Ensuring that smaller states don’t feel marginalized or outpaced will be vital.

Paths forward: What Ghana’s leadership could do

Quick wins to build trust

Delivering early tangible benefits — such as shared threat intelligence, capacity-building programs, joint exercises, or coordinated incident responses — will deepen legitimacy.

Modular capacity support

Instead of applying a one-size-fits-all model, ANCA can pilot modular support packages tailored for states at different maturity levels.

Private sector and academia engagement

Cybersecurity cannot rest on governments alone. Partnerships with cybersecurity firms, tech platforms, universities, and civil society can deepen talent pipelines, incident readiness, and research collaboration.

Regional hubs and CERT interoperability

If Morocco holds a regional CERT for North Africa, other hubs could emerge in West, East, and Southern Africa, forming a federated CERT network under ANCA.

Monitoring and transparency

A public dashboard of progress — incidents handled jointly, training delivered, adoption rates of common frameworks — would boost credibility and keep pressure on members.

What remains unclear as ANCA moves from strategy to action

What comes next for ANCA rests less on declarations than on whether its members can turn cooperative intent into binding practice. The question of harmonized cybersecurity laws and breach notification regimes is already on the table. Larger economies — South Africa, Kenya, Nigeria — have both the regulatory muscle and institutional depth to move first, but others may struggle to keep pace. That unevenness could produce exactly the patchwork ANCA was designed to prevent.

Trust is another fragile currency. Few states will be eager to expose incident data unless they believe the network can guarantee confidentiality and reciprocity. In practice, that means a small circle may share information at first, while others watch from the sidelines until confidence builds.

Then there is the matter of money. Donor support is welcome but rarely permanent. Unless ANCA can secure sustainable contributions from members, it risks operating at the mercy of external cycles — a vulnerability that could blunt its independence just as cross-border threats intensify.

The hardest test may come not in boardrooms but in the heat of a crisis. If a continent-wide cyberattack struck financial systems or energy grids, would ANCA move beyond commentary to orchestrate a joint operational response? Right now, the likeliest outcome would be partial coordination: statements, selective collaboration, but not yet the kind of continent-wide incident management the bloc aspires to.

And Ghana’s role, though solid today, may not remain uncontested. Accra has carved out a leadership seat through early investment and diplomatic reach. But as the framework matures, regional heavyweights like Kenya, South Africa, or Nigeria could push for greater influence, reshaping the balance of power within the network.

Reading between the lines of Accra’s move

At stake is more than prestige. Africa is building a digital economy that may define its place in the 21st century. If cybersecurity infrastructure is weak, the gains from connectivity, fintech, e-government, digital health, and AI can be undone by breaches, outages, and distrust.

Ghana’s second term is more than a political win; it’s a call to execution. The distinction between mission and map. Whether ANCA becomes an engine or remains an agenda folder will define Africa’s resilience in a hostile cyber era.

Go to TECHTRENDSKE.co.ke for more tech and business news from the African continent.

Mark your calendars! The TechTrends Pulse is back in Nairobi this October. Join innovators, business leaders, policymakers & tech partners for a half-day forum as we explore how AI is transforming industries, driving digital inclusion, and shaping the future of work in Kenya. Limited slots – Register now – here.

Follow us on WhatsApp, Telegram, Twitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to editorial@techtrendsmedia.co.ke

TechTrends Media Podcasts