At the dawn of the 21st century, Africa was a continent with a nascent digital presence, characterized by limited internet access and sparse broadband connectivity. Fast forward a quarter of a century, and the narrative has dramatically shifted. While only 38% of Africans are currently connected to the internet, a figure notably lower than the global average of 68%, the continent has undeniably fostered a vibrant digital ecosystem that serves as a powerful engine for economic growth and job creation, particularly for its youthful demographic, with a significant 70% of its population under the age of 30. The transformative power of digitalization is perhaps most vividly illustrated by the continent’s strides in financial inclusion.
Africa has emerged as a global powerhouse in mobile money, boasting an impressive 1.1 billion registered accounts across sub-Saharan Africa alone, representing more than half of the world’s 2.1 billion mobile money accounts. More profoundly, the continent accounts for a staggering 74% of all mobile money transactions globally, with over 81 billion transactions processing an astonishing $1.1 trillion in value during 2024. This surge in digital engagement, however, has unfortunately made the continent an increasingly attractive target for a sophisticated and evolving array of cybercriminals.
The spectrum of threats is broad and multifaceted, encompassing phishing scams, malware infections, ransomware attacks, identity theft, unauthorized access, business email compromise, social media fraud, and even large-scale data breaches and digital sextortion. What was once considered a purely technical challenge has now escalated into a tangible threat, not only to businesses but also to the very stability of the socio-economic fabric across the continent. Jalel Chelba, the acting Executive Director of Afripol, underscores this shift, stating, "Cybersecurity is not merely a technical issue; it has become a fundamental pillar of stability, peace, and sustainable development in Africa." He further emphasizes that this menace poses a significant threat to the digital sovereignty of nations, the resilience of institutions, public trust, and the efficient functioning of economies.
The Paramount Concern: Cybersecurity Risks as a Top Priority
From government agencies and financial institutions to telecommunications companies, betting firms, critical infrastructure, and virtually every facet of daily life, the question is no longer if cybercriminals will strike, but rather how frequently. A comprehensive survey conducted by audit firm PwC in East Africa corroborates this sentiment. Within the region, an overwhelming 74% of businesses identify cyber risks as their foremost concern, significantly overshadowing macroeconomic volatility (51%) and geopolitical risks (12%).
The repercussions of these attacks are tangible and costly. In recent years, prominent entities such as Eneo in Cameroon, South African Airways, the Kenya Urban Roads Authority, Telecom Namibia, Morocco’s National Social Security Fund, and even the Bank of Uganda (BoU) have fallen victim. The Bank of Uganda incident serves as a stark illustration of the determined nature of cyber attackers. In November of the previous year, a breach of its IT systems by a group identifying itself as ‘Waste’ resulted in the loss of $16.8 million from the bank’s reserves.
Across the continent, the escalating challenge of cybercrime is inflicting substantial financial losses, with scammers reportedly siphoning away more than $4 billion annually. This figure is equivalent to approximately 10% of the combined GDP of affected nations. Countries such as Kenya, Nigeria, South Africa, Egypt, Morocco, Uganda, Ghana, and even war-torn and economically fragile South Sudan are bearing the brunt of this problem, which is exacerbated by low levels of digital literacy. Research indicates that only 50% of African countries integrate computer skills into their school curricula, a stark contrast to the global average of 85%.
Experts express concern that while the challenge of cyberattacks in Africa is approaching crisis levels and risks undermining the significant gains made in digitalization, the measures being implemented to combat the problem are not sufficiently robust. The continent often relies on fragmented policies and ad-hoc interventions to address cybercrime. More troubling is Africa’s continued dependence on the global community for guidance, support, and funding for operations aimed at dismantling cybercriminal networks.
Ewan Sutherland, a Visiting Adjunct Professor at the LINK Centre, University of the Witwatersrand (Wits) in South Africa, highlights the urgency: "The complexity and fluidity of cyberattacks mean that Africa requires urgent and coordinated actions to deal with the problem." He further asserts that the continent cannot fully harness the benefits of increasing connectivity and digitalization without robust and secure mechanisms and systems to combat cybercrimes.
Interpol’s 2025 Africa Cyberthreat Assessment Report portrays Africa as a "landscape in flux" concerning cybercrime. The report indicates a growing proportion of reported crimes on the continent are now cyber-related, with Western and Eastern Africa being particularly entrenched in this issue, where cybercrime accounts for over 30% of all reported offenses.
Interpol is actively leading efforts to assist Africa in addressing this challenge. In August, an initiative codenamed Operation Serengeti 2.0 successfully dismantled cybercrime and fraud networks across 18 countries. This operation resulted in the recovery of $100 million, the dismantling of 11,400 malicious infrastructures, and the apprehension of 1,210 cybercriminals who had targeted nearly 88,000 victims. A similar operation conducted last year across 19 countries led to the arrest of over 1,000 suspects and the disruption of 134,000 infrastructures linked to $193 million in financial crimes affecting 35,000 victims. It is noteworthy that Interpol’s operations continue to be externally funded, primarily by the governments of the UK and Germany, as well as the Council of Europe.
The growing realization that a burgeoning digital revolution is increasingly becoming a source of vulnerability and economic loss is compelling Africa to take action, albeit with each nation charting its own course. This stems from the fact that continental ambitions under the African Union Convention on Cybersecurity and Personal Data Protection, widely known as the Malabo Convention, have yet to translate into concrete, widespread implementation. Despite its adoption in 2014 and coming into effect in 2023, the convention is perceived as somewhat outdated in a rapidly evolving technological landscape that includes artificial intelligence, cloud computing, the Internet of Things, and blockchain. For instance, cybercriminals are leveraging AI to develop more sophisticated tools like WormGPT, FraudGPT, and DarkBERT, which facilitate targeted, effective, and harder-to-detect attacks.
Furthermore, the fact that only 15 countries have ratified the convention significantly hinders regional or cross-border cooperation in combating cyberattacks, whose orchestrators often operate beyond national borders. Chinese nationals, in particular, have been identified as key architects in instigating attacks on the continent. In the Interpol-led operation, for example, Angolan authorities dismantled 25 cryptocurrency mining centers where 60 Chinese nationals were found to be illegally validating blockchain transactions to generate cryptocurrency.
Mugambi Laibuta, a Kenyan-based privacy and data protection specialist, states, "African countries are enacting the necessary laws and building homegrown capacity to deal with cybercrimes." He points to the fact that 46 countries now have data protection laws that mandate the reporting of attacks within 72 hours as evidence of the continent’s growing awareness of the problem’s seriousness.
The Scale of Economic Impact: Significant Losses and Emerging Defenses
Kenya serves as a pertinent case study. Data from the Communications Authority indicates that the country recorded a staggering 2.5 billion cyberthreat incidents in the first quarter of 2025, representing a significant 201.7% increase from the preceding quarter. The estimated GDP loss in Kenya due to cyberattacks stands at 3.6%. As a pioneer in mobile money, digital lending, and fintech innovations, Kenya has become a prime target for hackers and scammers. In response, the Central Bank of Kenya has established a cybersecurity operations center, equipped to provide critical services such as cyber threat intelligence, incident response, digital forensics, and investigations.
Ali Hussein, a Kenya-based digital transformation consultant, observes, "Governments in Africa must realize that cybercrime has the potential to cripple the digital revolution success story." He emphasizes that for this reason, the continent requires sustainable approaches to digital security.
One critical approach that is showing promise, albeit on a smaller scale, is collaboration with international partners. The success of Interpol, in collaboration with Afripol and partners like Cybercrime Atlas, Fortinet, and Kaspersky, in executing operations to dismantle cybercrime ecosystems provides a solid foundation for the continent to build upon. Experts suggest that by engaging more public and private sector institutions, Africa may not eradicate cybercrime entirely, but it possesses the potential to significantly curb its proliferation.
Sutherland advises, "Africa must realize that depending on the international community is a stopgap intervention. In the long term, governments must take the lead in disrupting cybercrime networks."
In this regard, a growing number of governments are demonstrating positive steps, particularly in enacting laws and regulations and formulating national cybersecurity strategies that clearly define guiding principles for addressing the menace. These efforts encompass technology transfer, capacity building, and information sharing.
Increased Investment in Digital Fortifications
Crucially, Africa recognizes that the war on cybercrime cannot be won through mere strategies and policies on paper. Consequently, both governments and private companies are augmenting their cybersecurity budgets to invest in robust systems, which are inherently costly. Global consulting firm Kearney provides context for this investment, estimating that countries must spend a substantial $22 billion between 2022 and 2026 to address investment gaps and ensure sustained commitment to cybersecurity. In Kenya, for instance, banks are already allocating as much as $4.6 million annually towards cybersecurity initiatives.
Laibuta offers a stark warning: "Any organisation that is not embedding cybersecurity in its strategy is walking blind." He further notes that the significant allocation of resources towards hiring qualified personnel and talent training by a majority of companies indicates a serious recognition of cybersecurity risks.
For Africa, the reality is that its digital evolution is inextricably linked with the persistent threat of cyberattacks, which continue to evolve and adapt. While completely disentangling the two may prove elusive, the key to sustaining the digital economy boom lies in constructing an insurmountable defense and an unbreachable barrier against vulnerabilities.
