By Kerissa Varma, Microsoft Chief Security Advisor, Africa
Africa is seeing an unprecedented growth in digital technologies. However, this rapid digitalisation brings with it a variety of security threats. Across the continent, countries have seen a marked increase in cyberattacks targeting critical infrastructure, financial systems and public services, yet African governments, companies and organisations’ cybersecurity measures have in many instances not kept pace with the rate of development.
And while the continent’s rapid digitalisation is a welcome catalyst for innovation, Interpol found that cybercrime now accounts for over 30% of all reported crimes in West and East Africa, and that two-thirds of African countries classify cyber-related incidents as medium to high priority threats. Most countries on the continent lack a comprehensive national cybersecurity strategy, which hampers effective defence and enforcement measures. For example, the AU Malabo Convention, which focuses on cybersecurity and personal data protection, has been ratified by only 15 African Union member states so far.
Given the growing risk landscape and the lag in policy adoption, the role of emerging technologies such as artificial intelligence has become increasingly pivotal in shaping both the threats and defences within Africa’s digital ecosystem.
AI is helping both good and bad actors
AI is playing a transformative role in cybersecurity defence strategies, enabling defenders to synthesise vast data sets, detect novel threats and respond more rapidly than ever before. However, cybercriminals are also harnessing the power of AI, trialling emerging tactics, such as fake digital IDs, across Africa’s evolving attack surface, because of perceived and real inherent weaknesses in the continent’s cyber defences. Africa is increasingly being targeted by identity-based and AI-driven threats – and AI has significantly reduced the time attackers need for reconnaissance. AI-generated content is flooding digital spaces, overwhelming detection systems and enabling deepfake-enabled fraud, voice cloning, and the creation of synthetic identities at scale.
AI-generated IDs are now often more convincing than real forgeries, growing by 195% globally in usage. Africa’s need for strong digital identities is more pertinent now than ever. This backed by reducing legacy infrastructure and well resourcing cybersecurity teams to be able to respond and adapt is critical to national security and economic growth.
Business Email Compromise (BEC), phishing and other digital identity theft are prevalent, increasingly being exploited as organisations migrate to cloud services without adequate security controls. AI allows attackers to create phishing emails tailored to local languages and cultural contexts, and launch attacks much faster, and to quickly analyse stolen data, enabling them to identify valuable information for ransom demands more efficiently.
Cyber-criminals are also using AI-generated content for impersonation, extortion, deepfake-enabled fraud, and voice cloning tactics that are more potent in Africa because of the widespread use of non-business productivity tools such as WhatsApp for business engagements. For example, cybercriminals may complete a SIM swap and impersonate a company’s CEO, CFO or other key business leaders. By the time the SIM is restored, attackers could have caused significant disruption or loss.
Cyber threats increasingly challenge economic stability
Cybercriminals are leveraging emerging technologies to attack with both greater volume and more precision than ever before. Because of this, international collaboration among defenders will be critical to define new coordinated defences.
Africa has a unique opportunity to lead in combatting new threats, helping to shape the future of cyber defence. African SMEs are at the frontline of cyberattacks. Small and medium businesses make up nearly 90% of businesses in Africa, driving employment, economic growth and, in many instances, innovation. As these businesses digitise, adopting cloud services, mobile platforms and e-commerce, they are both targets and defenders in the cybersecurity arena. South African SMEs face 143% more attacks per user than larger firms, while 67% of Kenyan SMEs report more incidents during digital transitions.
A breach in one SME can ripple across supply chains or financial networks, and even government services. However, the converse is equally true: a well-defended SME sector that is responsive to identifying new tactics strengthens the entire digital infrastructure. Securing SMEs is essential to securing Africa’s broader digital ecosystem, and in turn, by sharing this information among international collaborators, helping strengthen defences globally.
African SMEs must reevaluate their approach to cybersecurity
SMEs should approach cybersecurity as a top priority, on a par with any financial or legal issue. While small business owners might tend to deflect or delay introducing cybersecurity measures due to concerns about cost, or a lack of resources or understanding, they should regard building in ground-up cyber defences as a vital part of protecting their investment.
African SMEs are not burdened by legacy systems to the same extent as larger organisations on the continent. The pace of change in the threat landscape means that it is necessary to rethink the approach to cybersecurity. Attackers are simply looking for the weakest path into the business, and a siloed approach opens up areas for exploitation in most defences. Cloud-based security options are becoming increasingly affordable for small businesses, while endpoint protection and multifactor authentication can secure devices and accounts. Research has shown that multifactor authentication reduces the risk of identity compromise by more than 99%.
Know your weaknesses and pre-plan for breach
Cybersecurity must be embedded into the fabric of organisational strategy and addressed regularly as part of risk management. Culture and readiness are key factors – human defences, no matter how good they are, inadequate alone without the right technology to support them. Even the most vigilant person can fall for a ploy or tactic if it is good enough.
Cybersecurity professionals must challenge themselves to focus not only on perimeter-based security models – preventing the breach – but also what happens once a system is compromised. Microsoft found that only 4% of attacks were driven by espionage but that in 80% of reactive engagements responding to customer cybersecurity incidents in the last year, data was stolen by the attacker. Attack motivation remains financially driven – Microsoft blocked $4b worth of fraud attempts between April 2024 and April 2025 and stopped 1.6m fake account creations by bots per hour over the same period. Firewalls and antivirus software alone are not adequate protection against identity theft or data theft.
Assume breach prioritises containment, rapid detection, and response over prevention alone. By prioritising containment, segmentation of critical assets, anomaly detection and behavioural analytics, organisations can limit damage and recover faster. This along with Zero Trust, continuous monitoring, least privilege access and multifactor authentication, adds an essential layer of protection.
Build and train for resiliency
Africa’s SMEs are no longer passive recipients of cybersecurity solutions, they are active architects of a safer digital future. Operating in resource-constrained environments encourages SMEs to develop creative, cost-effective cybersecurity solutions such as mobile-first security tools tailored to local usage patterns, community-based intelligence sharing and partnerships with regional cybersecurity hubs and incubators. Through these actions, African SMEs are in a unique position to identify regional threat actors and tactics.
Businesses and governments that invest in cybersecurity proactively are more agile to adopt new technology (like AI) safely and are therefore nimbler to scale business opportunities, reduce costs and increase service delivery. By investing in and embracing modern defence strategies, African SMEs can lead the charge against evolving cyber threats. This spirit of innovation, combined with sharing and receiving real-time threat data about emerging tactics with regional peers, industry groups and governments could have a profound impact, not just for the continent, but for the world.
Image: Shutterstock