In Summary
- In early 2025, South Sudan recorded over 93 million cyber-attack attempts, the highest in Africa. This shows that emerging digital economies are now prime global targets.
- Countries like Kenya, Nigeria, and South Africa have expanded national Computer Emergency Response Teams (CERTs) to strengthen detection and response.
- Governments are combining new cybersecurity laws with public awareness drives, marking a shift from reactive to proactive defense across Africa.
Deep Dive!!
Lagos, Nigeria, Friday, August 29 – Cybersecurity is becoming a defining challenge for Africa’s digital growth in 2025. The expansion of banking, telecommunications, and government services has led to a sharp rise in online cyber attacks, affecting millions of users and critical systems. These attacks range from phishing scams, ransomware, and large-scale breaches aimed at disrupting financial transactions and stealing sensitive data. The scale of these threats shows how Africa’s digital economy has become a global player, drawing the attention of both criminals and state-backed actors.
In response, countries are moving beyond emergency reactions to structured national strategies.
Cybersecurity laws are being enforced to regulate data protection, digital identity, and financial security. National Computer Emergency Response Teams (CERTs) are now active in many countries, providing round-the-clock monitoring and coordinated responses. Regional collaborations through bodies like the African Union and Smart Africa are also improving information sharing and setting standards for cyber defense.
These combined efforts reflect a shift from being reactive to building long-term resilience. African countries are showing that cyber threats, while disruptive, are also prompting stronger digital policies, improved infrastructure, and new opportunities for innovation.
In this article, we bring you the ten African countries most affected by cyber-attacks in 2025 and examines the concrete measures they are taking to secure their digital future.
10. Ghana
Ghana ranked 93rd worldwide in 2025 with 5,270,783 attempted cyber-attacks. The most notable case was the outage of the government’s central email platform in August, which disabled communication across ministries for two days. The National Cyber Security Authority (NCSA) led recovery efforts and issued directives enforcing multi-factor authentication, mandatory server backups, and stricter access controls across all state agencies. The Ministry of Communications and Digitalization also accelerated plans for a National Security Operations Centre to provide continuous monitoring of government networks and early warning against intrusions.
The government reinforced the Cybersecurity Act with compliance guidelines requiring critical information infrastructure operators to submit incident reports directly to the NCSA. At the same time, public campaigns were expanded to promote awareness of phishing, email fraud, and reporting channels. These measures indicate a policy shift from reactive response to preventive defense.
9. Ivory Coast
Ivory Coast recorded 5,912,899 attempted cyber attacks in 2025, ranking 88th worldwide. The year was marked by increasing targeting of financial institutions and government portals, consistent with the country’s expanding role as a West African financial hub. In response, the National Cybersecurity Strategy 2025–2027 was activated, emphasizing the protection of critical information infrastructure. The government directed banks, telecom operators, and key public agencies to align with national standards on incident reporting and data protection. A Computer Emergency Response Team (CI-CERT) has been positioned as the central body for threat monitoring and coordination, with expanded authority to audit compliance across sectors.
Capacity building formed a key part of the response. Training programs were launched for state IT officers and law enforcement units, while partnerships with the private sector introduced new detection and monitoring systems. Public awareness campaigns also targeted mobile money users, as fraud linked to digital payments remained a major concern.
8. Tunisia
Tunisia registered 6,575,670 attempted cyber-attacks in 2025, placing it 83rd worldwide. The government identified recurrent targeting of public-sector websites and academic networks, with denial-of-service attempts disrupting access to several online portals during the year. In response, the National Agency for Computer Security (NAC) expanded its national monitoring framework, mandating regular vulnerability assessments for ministries, universities, and telecom operators. New directives were also introduced requiring all government agencies to adopt encryption standards for email communication and implement multifactor authentication for internal systems.
The Tunisian government continued to build institutional capacity through its National Cybersecurity Strategy 2023–2027, which prioritizes critical infrastructure protection, digital trust, and incident response. Training programs were extended to law enforcement and judicial officers to improve the handling of cybercrime cases, while public initiatives promoted safe online behavior among citizens and small businesses. With these measures, Tunisia’s 2025 response illustrates a clear emphasis on regulation, capacity building, and public engagement, ensuring that the country strengthens its defenses.
7. Kenya
Kenya registered 7,831,073 attempted cyber-attacks in 2025, ranking 79th globally. The financial sector remained the most vulnerable, particularly due to the widespread use of mobile money platforms such as M-Pesa, which continue to attract both local and international cybercriminal groups. Phishing campaigns, SIM swap fraud, and social engineering attacks against mobile money users were repeatedly flagged by regulators and telecom operators. Government institutions also reported intrusion attempts, especially in systems handling sensitive citizen data such as eCitizen portals and tax-related services. Kenya also ranks among the African countries with the largest data systems, making the protection of digital infrastructure even more critical.
The Communications Authority of Kenya (CA) and the National Kenya Computer Incident Response Team Coordination Centre (KE-CIRT/CC) responded by scaling up monitoring operations. KE-CIRT/CC issued monthly public advisories on emerging threats, focusing on malware infections, ransomware, and data leaks. In 2025, the Kenyan government also advanced the implementation of its National Cybersecurity Strategy, which places emphasis on protecting critical infrastructure and fostering public-private partnerships. A cybersecurity bill strengthening penalties for digital crimes was tabled in parliament to close existing legal gaps.
Capacity building remained a core focus. The ICT Authority collaborated with universities and private sector firms to develop training programs aimed at producing certified cybersecurity experts. International cooperation also increased, with Kenya joining regional initiatives under the African Union’s Digital Transformation Strategy and entering bilateral agreements with partners like the United States to enhance intelligence sharing.
6. Algeria
Algeria registered 11,529,983 attempted cyber-attacks in 2025, ranking 67th globally. The Ministry of Post and Telecommunications confirmed that public institutions and energy-related networks remained primary targets, with several phishing and ransomware attempts detected against state utilities. In response, the National Agency for the Security of Information Systems (ANSI) expanded its national monitoring program, requiring critical service providers to submit regular threat reports and undergo security audits. A stronger framework for protecting industrial control systems was also introduced to safeguard energy infrastructure, a key sector in Algeria’s economy.
The government advanced its National Cybersecurity Strategy by enhancing technical capacity and promoting coordination among state agencies. Specialized training was delivered to IT officers within ministries and law enforcement units tasked with handling cybercrime investigations. Public campaigns emphasized safe digital practices for citizens, particularly around online banking and social media use.
5. Morocco
Morocco recorded 18,537,807 attempted cyber-attacks in 2025, ranking 60th worldwide. The most serious case was the breach of the National Social Security Fund (CNSS) in April, where nearly two million employee records were exposed. The incident highlighted vulnerabilities in data storage systems and placed pressure on Morocco’s wider e-governance framework. In response, the General Directorate of Information Systems Security (DGSSI) led investigations and coordinated the rollout of stronger security protocols across public institutions.
The government reinforced its National Cybersecurity Strategy by mandating periodic penetration testing for ministries and agencies, while also expanding the role of the national CERT-MA in threat detection. Legal reforms advanced under the 2023–2027 Digital Transition Plan now require companies handling sensitive data to meet stricter encryption and storage standards. Training programs for civil servants were intensified to address phishing and insider threats, with DGSSI also expanding cooperation with the private sector to develop homegrown cybersecurity solutions.
Morocco also increased collaboration with international partners. Agreements with the European Union and regional security networks provided technical support for incident response and intelligence sharing. At the citizen level, campaigns were launched to build awareness of personal data protection, reflecting the government’s effort to strengthen trust in digital services.
4. Nigeria
Nigeria faced 23,268,560 attempted cyber-attacks in 2025, placing…