•  
  •  
 

Publication Date

7-13-2026

Abstract

The rapid deployment of Industrial Internet of Things (IIoT) systems across Sub-Saharan Africa's extractive, energy, logistics, and agro-industrial sectors has introduced a cybersecurity challenge of growing urgency: industrial networks that were designed for operational efficiency are increasingly exposed to cyber threats for which neither the organizations nor the regulatory frameworks are adequately prepared. This article examines the cybersecurity governance of IIoT systems in a developing African economy, using Mozambique as a primary case study and drawing comparative lessons from South Africa, Rwanda, and Kenya. Through an integrative literature review and documentary analysis of national digital, cybersecurity, and industrial policies, the study identifies five critical cybersecurity governance gaps: the absence of IIoT-specific cybersecurity policy, lack of industrial data governance legislation, fragmented radioelectric spectrum regulation for IoT technologies, workforce skill deficits in operational technology security, and the absence of mandatory security-by-design requirements for industrial IoT deployments. The article maps the specific threat landscape facing IIoT systems in Mozambique's priority industrial sectors — including sensor tampering in remote mining infrastructure, ransomware targeting operational technology networks, man-in-the-middle attacks on logistics tracking systems, and supply chain compromises in agro-industrial IoT deployments — and proposes a structured cybersecurity governance framework calibrated to the resource constraints and industrialization priorities of developing economies. The findings contribute to the growing body of literature on cybersecurity policy in the Global South and offer actionable recommendations for policymakers, regulators, and security practitioners operating in similar developmental contexts.

Share

COinS