Socio-cultural influences on cybersecurity policy in Africa

Introduction Cybersecurity has often been framed as a technical challenge, however, public responses to digital threats are deeply embedded in social, cultural, and institutional context. Methods This study presents a systematic literature review of 27 peer-reviewed studies published between 2017 and 2025, examining how socio-economic status, cultural norms, institutional trust, and educational access shape public perceptions of cyber risk and government cybersecurity policy responses in Africa. Using the PRISMA framework, the review draws on bibliometric mapping and hybrid inductive-deductive thematic analysis. Results Five cross-cutting patterns emerge from the synthesis: (1) education increases risk recognition but not protective behaviour; (2) socio-economic inequality and infrastructure deficits generate digital resignation; (3) collectivist cultural values distribute cybersecurity responsibility across community networks rather than to individuals; (4) institutional trust is the decisive mediator between policy awareness and compliance, particularly in post-colonial African contexts; and (5) governance frameworks adopted from high-income countries fail when detached from the socio-cultural realities of their implementation environments. Discussion Based on Hofstede’s Cultural Dimensions Theory, Protection Motivation Theory (PMT), and Institutional Trust Theory, the study proposes a conceptual model positioning cultural context as the primary mediator between structural conditions and cybersecurity outcomes. The central policy implication is direct: awareness campaigns alone are insufficient, effective African cybersecurity governance must simultaneously rebuild institutional trust, engage community networks as delivery mechanisms, and address the socio-economic conditions that produce digital resignation. The study contributes actionable, evidence-based policy recommendations for inclusive and context-sensitive cybersecurity governance across African sub-regions, and constitutes the first systematic synthesis to foreground Africa’s socio-cultural diversity as a central analytic variable in cybersecurity policy research.