Africa’s digital boom faces a growing cyber threat

As Africa emerges as a global leader in mobile money and digital innovation, a wave of cyberattacks is threatening to derail its progress. Experts warn that without stronger, homegrown cybersecurity systems, the continent’s digital future could be at risk.


At the turn of the millennium, Africa was a metaphorical desert in terms of internet access and broadband connectivity. A quarter of a century later, the continent has recorded tangible successes in opening up the digital space. Granted, only 38 percent of Africans are connected to the internet compared to a global average of 68 percent. However, it is indisputable that the continent is home to a burgeoning digital ecosystem that is anchoring economic development and job creation for its young population, 70 percent of whom are under the age of 30. The push towards financial inclusion exemplifies the transformative impacts of digitalisation.

Today, Africa is the bastion of mobile money, with 1.1 billion registered accounts in sub-Saharan Africa. This is more than half of the 2.1 billion global accounts. More fundamentally, the continent accounts for 74 percent of all mobile money transactions globally, with over 81 billion transactions handling a staggering $1.1trn in value in 2024.


Unfortunately for Africa, the unprecedented digital transformation is coming under serious threat from cybercriminals. The continent has become a fertile ground for attacks, which come in all forms from phishing, malware, ransomware, identity theft, hacking, business email compromise, social media fraud, to large-scale breaches and even digital sextortion. Once a technology problem, cyberattacks have morphed into real threats not just for businesses, but the stability of the socio-economic order.

“Cybersecurity is not merely a technical issue; it has become a fundamental pillar of stability, peace, and sustainable development in Africa,” said Jalel Chelba, Afripol acting Executive Director. He added that the menace is a major threat to the digital sovereignty of states, the resilience of institutions, citizen trust and the proper functioning of economies.

Topmost concern

From government agencies, financial institutions, telecoms and betting companies, to critical infrastructures and all spheres of life, the question is no longer whether cybercriminals will strike, or when. Rather, it is a matter of how often. A survey by audit firm PwC in East Africa confirms this fact. In the region, 74 percent of businesses reckon cyber risks are the topmost concern. Macroeconomic volatility and geopolitical risks rank way below, at 51 percent and 12 percent respectively.

In recent years, organisations like Eneo in Cameroon, South African Airways, Kenya Urban Roads Authority, Telecom Namibia, Morocco’s National Social Security Fund and even Bank of Uganda (BoU) have fallen victim to attacks. BoU offers a glimpse of just how determined hackers are. In November last year, a breach of IT systems by a group calling itself ‘Waste’ saw the bank lose $16.8m from its coffers.

Across the continent, the rising challenge of cybercrime is bringing about massive losses, with scammers siphoning away in excess of a whopping $4bn annually. The amount is equivalent to 10 percent of GDP. Kenya, Nigeria, South Africa, Egypt, Morocco, Uganda, Ghana and even war-ravaged and poverty-stricken South Sudan are among the countries bearing the brunt of the problem, which is compounded by low digital literacy rates. Research shows that only 50 percent of African countries include computer skills in their school curriculum, compared to a global average of 85 percent.

Tragically, experts reckon that although the challenge of cyberattacks in Africa borders on a crisis that risks wiping out gains in digitalisation, measures to tackle the problem do not inspire confidence. The continent is largely deploying fragmented policies and interventions to fight cybercrime. More worrying is that Africa continues to depend on the global community not only for direction and support, but also for funding operations designed to cripple cybercriminal networks.

“The complexity and fluidity of cyberattacks mean that Africa requires urgent and coordinated actions to deal with the problem,” says Ewan Sutherland, Visiting Adjunct Professor at LINK Centre, University of the Witwatersrand (Wits) in South Africa. He adds that the continent cannot fully exploit the benefits of deepening connectivity and digitalisation without watertight mechanisms and systems to deal with cybercrimes.

Interpol, in its 2025 Africa Cyberthreat Assessment Report, paints a picture of Africa as a ‘landscape in flux’ as far as cybercrime is concerned. The report contends that a growing share of reported crimes in the continent are cyber-related. The problem is entrenched in western and eastern Africa, where cybercrime accounts for more than 30 percent of all reported crimes.

Interpol is taking leadership in helping Africa deal with the problem. In August, a mission dubbed Operation Serengeti 2.0 managed to dismantle cybercrime and fraud networks across 18 countries. The operation led to the recovery of $100m, the dismantling of 11,400 malicious infrastructures and the arrest of 1,210 cybercriminals who had targeted nearly 88,000 victims. A similar operation last year in 19 countries led to the arrest of over 1,000 suspects and the dismantling of 134,000 infrastructures linked to $193m in financial crimes that had targeted 35,000 victims. Notably, Interpol’s operations continue to be foreign funded, specifically by the UK and German governments as well as the Council of Europe.

Realisation that a booming digital revolution is fast becoming a source of increased vulnerability and economic loss is forcing Africa into action, albeit with each country carving its own path on how to deal with the problem. This emanates from the fact that continental ambitions under the African Union Convention on Cybersecurity and Personal Data Protection, popularly known as the Malabo Convention, have not amounted to any concrete actions. Despite being adopted in 2014 and coming into effect in 2023, the convention is seen as archaic in a fast-changing environment characterised by new technologies like artificial intelligence, cloud computing, internet of things and blockchain, among others. Using AI, for instance, criminals are building more sophisticated tools like WormGPT, FraudGPT, and DarkBERT that facilitate targeted, effective and harder-to-detect attacks.

Besides, the fact that only 15 countries have ratified the convention undermines any efforts towards regional or cross-border cooperation in combating cyberattacks, whose masterminds transcend borders. Chinese nationals, in particular, remain key architects in instigating attacks on the continent. In the Interpol-led operation, for instance, authorities in Angola dismantled 25 cryptocurrency mining centres where 60 Chinese nationals were found to be illegally validating blockchain transactions to generate cryptocurrency.

“African countries are enacting the necessary laws and building homegrown capacity to deal with cybercrimes,” states Mugambi Laibuta, a Kenya-based privacy and data protection specialist. He adds that the fact that 46 countries have data protection laws that mandate reporting of attacks within 72 hours shows the continent is waking up to the seriousness of the problem.

Huge losses

Kenya is a case in point. Data by the Communications Authority shows the country recorded 2.5 billion cyberthreat incidents in the first quarter of 2025, representing a 201.7 percent increase from the previous quarter. GDP losses in the country due to cyberattacks are estimated at 3.6 percent.

Being a pioneer in the mobile money space, digital lending and fintech innovations, the country has become a playing field for hackers and scammers. Recently, the Central Bank of Kenya established a cybersecurity operations centre as part of measures to fight the menace. The centre is equipped to provide critical services such as cyber threat intelligence, incident response, digital forensics and investigations.

“Governments in Africa must realise that cybercrime has the potential to cripple the digital revolution success story,” observes Ali Hussein, a Kenya-based digital transformation consultant. He adds that for this reason, the continent needs sustainable approaches to digital security.

One critical approach that is bearing fruit, albeit on a small scale, is collaboration with international partners. The fact that Interpol, in collaboration with Afripol and partners like Cybercrime Atlas, Fortinet and Kaspersky, can execute operations to dismantle cybercrime ecosystems gives the continent a solid foundation on which to build. Experts contend that by plugging in more public and private sector institutions, Africa might not eradicate cybercrime, but has the potential to stem the tide.

“Africa must realise that depending on the international community is a stopgap intervention. In the long term, governments must take the lead in disrupting cybercrime networks,” notes Sutherland.

On this, a growing number of governments are demonstrating some steps in the right direction, particularly in the area of enacting laws and regulations and crafting national cybersecurity strategies that clearly outline the guiding principles for dealing with the menace. These cut across technology transfer, capacity building and information sharing, among others.

Increasing budgets

Critically, Africa understands that it cannot win the war on cybercrime through fancy strategies and policies on paper. For that reason, governments and private companies are increasing cybersecurity budgets to invest in robust systems, which are not cheap. Global consulting firm Kearney gives context in terms of funding. To address investment gaps and secure a sustained commitment to cybersecurity, countries must spend a staggering $22bn between 2022 and 2026. In Kenya, banks are already budgeting as much as $4.6m annually towards cybersecurity.


“Any organisation that is not embedding cybersecurity in its strategy is walking blind,” observes Laibuta. He adds that the fact that a majority of companies are directing resources to hiring qualified personnel and talent training is an indication that most take the risks of cybersecurity seriously.

For Africa, the reality is that digital evolution is intricately entangled with cyberattacks, which continue to be a moving target. While separating the two is bound to be elusive, the trick in sustaining the digital economy boom lies in building an insurmountable gap and a rock-hard wall when it comes to vulnerabilities.