Once a continent largely defined by limited connectivity and a nascent digital presence, Africa has, in a remarkable two decades, transformed into a vibrant hub of technological innovation and digital integration. This rapid evolution, however, is increasingly shadowed by a growing wave of cyber threats, jeopardizing the continent’s burgeoning digital economy and its potential for sustained growth. While internet penetration remains lower than the global average, standing at approximately 38% compared to the world’s 68%, the tangible progress is undeniable. Africa is now a crucible for digital advancement, fostering economic development and creating vital employment opportunities for its predominantly young population, with over 70% under the age of 30. The drive for financial inclusion, spearheaded by innovative mobile money solutions, serves as a prime example of this profound digital impact.
The continent has emerged as the undisputed global leader in mobile money, boasting an astounding 1.1 billion registered accounts across sub-Saharan Africa, which represents more than half of the total global accounts. More significantly, Africa accounts for an impressive 74% of all mobile money transactions worldwide, with the volume of these transactions reaching over 81 billion in 2024, collectively handling a staggering $1.1 trillion in value. This remarkable surge in digital financial services underscores the continent’s leapfrogging capabilities and its capacity to embrace transformative technologies.
Yet, this extraordinary digital transformation is now confronting a formidable adversary: cybercrime. The continent has become a particularly attractive target for a diverse array of cyberattacks, ranging from insidious phishing schemes and pervasive malware to disruptive ransomware, identity theft, sophisticated hacking operations, business email compromises, social media fraud, and even large-scale data breaches and alarming instances of digital sextortion. What was once considered a purely technical problem has now evolved into a tangible threat, impacting not only businesses but also the fundamental stability of socio-economic structures.
"Cybersecurity is not merely a technical issue; it has become a fundamental pillar of stability, peace, and sustainable development in Africa," stated Jalel Chelba, the acting Executive Director of Afripol. He further emphasized that this pervasive menace poses a significant threat to the digital sovereignty of nations, the resilience of institutional frameworks, the trust of citizens, and the overall healthy functioning of economies.
Cyber Risks Emerge as a Top Priority
Across the spectrum of African economies, from government agencies and financial institutions to telecommunications providers, betting companies, and critical infrastructure, the question has shifted from "if" cybercriminals will strike to "how often." This heightened concern is vividly illustrated by a survey conducted by audit firm PwC in East Africa. In this region, a striking 74% of businesses identified cyber risks as their foremost concern, eclipsing macroeconomic volatility (51%) and geopolitical risks (12%) by a considerable margin.
Recent years have witnessed prominent entities falling victim to cyberattacks. Companies such as Eneo in Cameroon, South Africa Airways, the Kenya Urban Roads Authority, Telecom Namibia, Morocco’s National Social Security Fund, and even the Bank of Uganda (BoU) have all experienced significant breaches. The case of the Bank of Uganda offers a stark illustration of the determination of cyber attackers. In November of the previous year, a breach of its IT systems by a group identifying itself as ‘Waste’ resulted in the loss of $16.8 million from the bank’s reserves, highlighting the substantial financial implications of these attacks.
Across the continent, the escalating challenge of cybercrime is precipitating immense financial losses, with scammers siphoning away an estimated $4 billion annually. This figure is equivalent to approximately 10% of the combined GDP of affected nations. Countries like Kenya, Nigeria, South Africa, Egypt, Morocco, Uganda, Ghana, and even war-torn and economically fragile South Sudan are bearing a disproportionate burden of this problem. This vulnerability is exacerbated by alarmingly low rates of digital literacy. Research indicates that a mere 50% of African countries incorporate computer skills into their school curricula, a stark contrast to the global average of 85%.
Compounding this challenge, experts suggest that while the threat of cyberattacks in Africa is approaching crisis levels and risks undoing hard-won gains in digitalization, the measures being implemented to combat the problem inspire little confidence. The continent largely relies on a patchwork of fragmented policies and reactive interventions. More concerning is Africa’s continued dependence on the global community for guidance, support, and crucially, funding for operations aimed at dismantling cybercriminal networks.
"The complexity and fluidity of cyberattacks necessitate urgent and coordinated actions from Africa to address the problem," observed Ewan Sutherland, a Visiting Adjunct Professor at the LINK Centre, University of the Witwatersrand (Wits) in South Africa. He further contended that the continent cannot fully harness the benefits of deepening connectivity and digitalization without robust and impenetrable mechanisms and systems in place to counter cybercrimes.
Interpol’s 2025 Africa Cyberthreat Assessment Report paints a picture of the continent as a "landscape in flux" regarding cybercrime. The report highlights that a growing proportion of reported crimes across Africa are now cyber-related, with the problem being particularly entrenched in Western and Eastern Africa, where cybercrime accounts for over 30% of all reported offenses.
Interpol is actively leading efforts to assist Africa in confronting this challenge. In August, a mission codenamed "Operation Serengeti 2.0" successfully dismantled cybercrime and fraud networks spanning 18 countries. This operation led to the recovery of $100 million, the dismantling of 11,400 malicious infrastructures, and the apprehension of 1,210 cybercriminals who had targeted nearly 88,000 victims. A similar operation conducted the previous year across 19 countries resulted in the arrest of over 1,000 suspects and the disruption of 134,000 infrastructures linked to $193 million in financial crimes that had affected 35,000 victims. It is noteworthy that Interpol’s operations continue to be supported by foreign funding, primarily from the governments of the UK and Germany, as well as the Council of Europe.
The growing realization that a burgeoning digital revolution is rapidly becoming a source of increased vulnerability and economic loss is compelling Africa to act, albeit with each nation charting its own course. This decentralized approach stems partly from the fact that continental ambitions under the African Union Convention on Cybersecurity and Personal Data Protection, widely known as the Malabo Convention, have yet to translate into concrete, widespread actions. Despite its adoption in 2014 and its coming into effect in 2023, the convention is perceived as increasingly outdated in a rapidly evolving technological landscape characterized by advancements like artificial intelligence (AI), cloud computing, the Internet of Things (IoT), and blockchain. The malicious application of AI, for instance, is enabling criminals to develop more sophisticated tools such as WormGPT, FraudGPT, and DarkBERT, which facilitate targeted, highly effective, and increasingly difficult-to-detect attacks.
Furthermore, the fact that only 15 countries have ratified the convention significantly undermines efforts towards regional or cross-border cooperation in combating cyberattacks, whose masterminds often operate beyond national jurisdictions. Chinese nationals, in particular, have been identified as key architects in instigating attacks on the continent. In the Interpol-led operation, for example, Angolan authorities dismantled 25 cryptocurrency mining centers where 60 Chinese nationals were discovered to be illegally validating blockchain transactions to generate cryptocurrency.
"African countries are enacting the necessary laws and building homegrown capacity to deal with cybercrimes," stated Mugambi Laibuta, a privacy and data protection specialist based in Kenya. He highlighted that the existence of data protection laws in 46 countries, mandating the reporting of attacks within 72 hours, signifies a growing awareness across the continent regarding the seriousness of the problem.
Navigating Significant Losses
Kenya serves as a compelling case study. Data from the Communications Authority indicates that the country recorded 2.5 billion cyberthreat incidents in the first quarter of 2025 alone, representing a staggering 201.7% increase from the preceding quarter. The estimated GDP losses in Kenya due to cyberattacks currently stand at 3.6%. As a pioneer in mobile money, digital lending, and fintech innovations, Kenya has inevitably become a prime playing field for hackers and scammers. In response, the Central Bank of Kenya recently established a cybersecurity operations center, a critical initiative equipped to provide essential services such as cyber threat intelligence, incident response, digital forensics, and investigations.
"Governments in Africa must recognize that cybercrime has the potential to cripple the success story of the digital revolution," observed Ali Hussein, a digital transformation consultant based in Kenya. He stressed the urgent need for sustainable approaches to digital security across the continent.
One critical approach that is beginning to yield positive results, albeit on a smaller scale, is collaboration with international partners. The successful execution of operations by Interpol, in conjunction with Afripol and partners like Cybercrime Atlas, Fortinet, and Kaspersky, to dismantle cybercrime ecosystems provides a solid foundation upon which Africa can build. Experts suggest that by integrating more public and private sector institutions, Africa may not eradicate cybercrime entirely, but it possesses the potential to significantly stem the tide.
"Africa must understand that dependence on the international community is a stopgap measure. In the long term, governments must take the lead in disrupting cybercrime networks," advised Sutherland.
On this front, a growing number of African governments are demonstrating a commitment to progress, particularly in enacting robust laws and regulations and developing national cybersecurity strategies. These strategies outline guiding principles for addressing the menace, encompassing technology transfer, capacity building, and information sharing.
Increasing Investment in Digital Defense
Crucially, Africa understands that winning the war against cybercrime cannot be achieved through theoretical strategies and policies alone. Consequently, both governments and private companies are increasing their cybersecurity budgets to invest in robust, albeit costly, systems. Global consulting firm Kearney provides critical context regarding investment needs, estimating that countries must collectively spend a staggering $22 billion between 2022 and 2026 to address investment gaps and ensure sustained commitment to cybersecurity. In Kenya, for instance, banks are already allocating as much as $4.6 million annually towards cybersecurity initiatives.
"Any organization that is not embedding cybersecurity into its strategy is walking blind," cautioned Laibuta. He added that the fact that a majority of companies are directing resources towards hiring qualified personnel and investing in talent training indicates a serious acknowledgment of cybersecurity risks.
For Africa, the reality is that its digital evolution is intrinsically intertwined with the persistent and evolving threat of cyberattacks. While completely disentangling the two may prove elusive, the key to sustaining the continent’s digital economy boom lies in building an insurmountable defense and a rock-solid bulwark against vulnerabilities.
