Cyber Risk Posture Of Ghanaian Telecommunication Companies: A Case Study Of Vodafone Ghana

Abstract

This study sought to explore the cyber risk posture of Ghanaian telecommunication companies using Vodafone Ghana as a case study. This study used Enterprise Risk Management (ERM) as a theoretical backbone and data were collected and analyzed qualitatively. Scholars define ERM as a holistic, systematic, and integrated approach to the management of the total risks that a company faces. It challenges the norm of siloed and department-specific risk management. The risk management structure and approach of the organization largely follow the tenets of ERM and outlined how cyber risks are identified, mitigated and monitored at different levels. The findings further indicated that telecommunication companies in Ghana experience unique cyber risks due to their capacity in storing and handling sensitive information in operations. Also there seems not to be cross-firm collaboration and experience sharing on the application of the ERM strategy. It seems organizations operate in isolation when it comes to the need of protection against cyber risks. In addition, although Ghana’s national cyber policy evolution and current state is adequate relative to regional and global standards, the enforcement and enactment of provisions is lax and lacking at best. Recommendations from this study are based on ways to enhance cyber security posture in the telecommunications industry and the country. These include collaboration between industry players, public sector collaboration, regional/international cooperation, and awareness campaigns to develop public culture on cyber security.