Africa’s brisk march toward a 4.1% real GDP expansion in 2025 is shadowed by cyber threats already siphoning off about a tenth of the continent’s output. Rapid digital adoption led by mobile-money services and a fast-growing SME sector has outpaced cybersecurity maturity - making data breaches and ransomware everyday realities. Because these risks can cascade across borders and supply chains, meaningful growth now hinges on closing the protection gap: sharpening cyber hygiene, boosting talent, and deploying affordable, analytics-driven cyber insurance products that reflect Africa’s unique threat landscape.
In a report by the UN Economic Commission of Africa, it is stated that on average, Africa loses 10% of its GDP to cyber attacks.1 At the same time, the continent is projected to experience real GDP growth of 4.1% in 2025, according to the African Development Bank2, making it one of the fastest-growing regions globally. A significant portion of this GDP growth is from small and medium-sized enterprises (SMEs), which currently contribute about 50% of total GDP and form around 95% of all registered businesses.3 Many of these businesses are moving online and adopting digital processes.
This article outlines the various types of cyber threats faced in Africa, the unique challenges present in this landscape, as well as recommendations on next steps to take towards bolstering cyber risk resilience in Africa.
The current state of cyber risk in Africa
The past year has seen a surge in cyber incidents, including ransomware attacks and data breaches, affecting the government and critical sectors such as energy, finance, and healthcare across the continent. This is not unique to Africa — globally, the frequency and sophistication of these types of attacks have also increased.
Data breach remains one of the top global risks in 2025. In Africa, data breaches are also a concern, although significant progress has been made by African countries in enacting data protection laws. However, it remains to be seen to what extent the legislation is actually implemented, and the levels of penalties imposed on companies that do not comply.
Ransomware-as-a-Service (RaaS) is increasingly deployed in Africa, due to its scalability and accessibility. For example, LockBit — a cyber criminal group that develops and operates ransomware software and provides it to other criminals through a RaaS model — claimed responsibility for the attack on South Africa’s Government Pensions Administration Agency (GPAA) in February 2024. This led to the temporary shutdown of systems. Africa is a hot target for criminals who test their tactics and techniques before deploying them to more developed economies. This is mainly driven by low levels of cyber maturity and strategy at the national levels.
Differences in factors driving cyber risk in Africa
While digital transformation is accelerating, African cybersecurity practices still lag behind more developed regions, creating an attractive target for cyber criminals. This means that cyber risk is a very relevant and present threat to consider.
The Global CyberSecurity Index classifies how mature a country’s cyber capacities are, with tier 1 being role models in cybersecurity and tiers 3, 4 and 5 being at the level of establishing, evolving, or just starting to build their cyber capacities. The Global CyberSecurity Index in 20244 classifies a majority of African countries as tier 3, 4 and 5, signalling an existing cybersecurity gap that needs to be addressed.
A unique cyber threat landscape
While Africa grapples with many of the same cyber threats seen worldwide, it also confronts a distinct set of risks. Mobile money and telecom-based fraud stand out in particular, driven by the continent’s pioneering adoption of mobile payments. This leadership exposes unique attack surfaces, such as Unstructured Supplementary Service Data (USSD) and introduces vulnerabilities across the underlying telecom networks. USSD is very convenient and does not require an internet connection, making it a popular technology in Africa. It can be used to reach a wide base of customers, including those in rural areas with weak internet connectivity.
However, this technology is not without its disadvantages. South African consumers lost USD 35 million in 2023 due to criminals targeting digital banking applications.5 Access Bank in Nigeria saw a 72% increase in the number of fraud incidents recorded in 2024 from 2023. The 2024 incidents involved a total of USD 2.2 million, with actual losses of USD 1.05 million — highlighting the implementation of security measures aimed at curbing such attacks.6 These examples demonstrate the importance of managing this risk.
Another type of threat that affects Africa is social engineering, which refers to psychological manipulation of people to divulge sensitive information by threat actors. One common method is through phishing, where criminals impersonate trustworthy sources, such as banks, to trick victims into revealing sensitive information. Another is through smishing, which is a growing method where criminals take advantage of the increasing penetration of mobile phones and mobile money usage. In 2023, TransUnion Africa published a report showing that over 42% of Zambians had been targeted by fraud, primarily through smishing attacks to trick them into revealing their personal details.7 This example highlights the importance of companies investing in education and putting the right protection measures in place to avoid further breaches.
Identity fraud is also a persistent threat fuelled by weak national ID digital systems and the existence of fragmented records across voter registration systems and e-government portals. Each one of these databases may have its own weak authentication, encryption, and patching policies. Attackers would only need to compromise the weakest link to gain a foothold, then spread laterally. Attackers can take over a user’s identity in one domain, and use this to get higher privilege access elsewhere.
Malawi's Department of Immigration and Citizenship Services experienced such an identity fraud cyber attack that compromised its ePassport issuance system in 2024. Hackers demanded a ransom, and the incident led to a suspension of passport services for at least two weeks and raised concerns about the security of personal data. The increased costs from fraud reimbursements, as well as indirect costs like investigation, downtime, and recovery, can be reduced through increased cybersecurity measures.
The SME Sector is also at risk
Cyber threats are not limited to large corporations, despite media coverage often focusing on high-profile targets. SMEs are particularly vulnerable to attacks due to a combination of factors: limited IT resources, low awareness of cybersecurity best practices, and the fact that these companies have more to lose given their financial constraints.
As an example, the Micro and Small Enterprise Authority, a pivotal institution supporting millions of Kenyan SMEs, suffered a significant cyber attack in early 2025. Investigations suggested that the attack was due to outdated software and weak access controls. Hackers accessed and exfiltrated sensitive data, including business registration details, financial records, and internal communications, which was reportedly listed for sale on dark web forums. This raises concerns about potential identity theft and financial fraud targeting SMEs.
Cyber risk tends to be systemic
The systemic nature of cyber risk makes it uniquely dangerous. Unlike natural catastrophes, which tend to be geographically contained, cyber incidents can transcend borders. A breach originating in one country can swiftly cascade through global supply chains, affecting businesses across continents. SMEs that depend on larger service providers have experienced breaches through third-party vulnerabilities. In some instances, an attack on a key supplier has forced smaller companies to halt operations or expend significant resources on remediation. Using the example of USSD mentioned earlier, if many companies are using the same USSD platform or service provider as a payment platform and a vulnerability is exploited, this could lead to financial losses as well as the simultaneous disruption of services.
The CrowdStrike outage in July 2024, is considered the largest IT outage in history and is an example showcasing the interconnected nature of cyber risk. A flaw in an update of CrowdStrike’s Falcon software was integrated into Microsoft Windows systems and it triggered widespread system failures across the globe. In Africa, the consequences were also felt: South African banks including Absa and airlines such as Airlink experienced operational disruptions. Kenya Airways, Ethiopian Airlines, and EgyptAir were forced to ground flights, while hospitals had to revert to manual systems, leading to chaos and delays.
The path forward for cyber resilience in Africa
In response to these risks, African businesses must urgently assess their cyber exposure, not only directly but also via their extended supply chains, including contractors and third-party vendors. Cyber insurance brokers can play a crucial role here, leveraging their client relationships to provide tailored advice on their clients’ exposures.
Insurance associations, in partnership with cybersecurity experts, should also prioritize educational campaigns to raise awareness of cyber risk as a serious business threat. Government bodies can encourage more market education and encourage adoption of risk management strategies, including the use of cyber insurance.
Beyond awareness, companies must adopt and regularly update cybersecurity protocols, while actively monitoring for vulnerabilities. SMEs, in particular, can benefit from outsourcing these functions to trusted cybersecurity vendors. However, for this to be viable, service providers must clearly demonstrate the value they offer, recognizing the tight financial constraints of smaller enterprises.
The role of cyber risk analytics in quantifying exposure
In the African context, articulating the value proposition of cyber insurance is key to encouraging uptake. Insurers must ensure that any products they build serve the needs of clients and are not overpriced, given the limited budgets of many of these businesses — especially those in the SME sector. For instance, given some of the nuances of culture and cyber threats in Africa, would legal liability cover matter to the same extent as fund transfer fraud, investigation, and response coverages?
In light of challenges surrounding the understanding and quantification of cyber risk, innovative solutions should be considered — for example, cyber risk pools and partnerships with the public sector as alternative avenues of insurance capacity. Internal talent capacity must also be developed in both the fields of cybersecurity and cyber insurance to propel the market forward.
Insurers should consider leveraging relevant cyber risk quantification tools. Combining quantitative models with qualitative assessments will be essential for assigning accurate financial values to cyber risks, enabling better underwriting decisions. This kind of platform is instrumental in this process, especially a specialized end-to-end solution like CyberCube, a global leader in cyber risk modelling. Our solutions support brokers, underwriters, and insurers by quantifying risk exposure and correlating a company’s cybersecurity posture with potential financial losses, including producing AALs (average annual losses) and loss curves that associate loss amounts with different return periods. This data-driven approach not only strengthens management buy-in but also enhances the credibility of cyber risk assessments.
Call to action: building resilience through cyber insurance
Cyber insurance is not only a crucial tool for cyber risk management but also a force in contributing to financial and societal resilience in the face of cyber attacks, which can have a damaging impact on businesses. Companies should assess their exposures to determine whether they have the risk appetite to fully manage cyber attacks on their own, without transferring the risk.
Cyber risk management is truly a space full of opportunities to grow business profitably. It is no wonder that (re)insurance players are considering investing in this space as a way to diversify their portfolios.
For more information on CyberCube’s solutions, please contact: christinew@cybcube.com
References
2https://www.afdb.org/en/documents/africas-macroeconomic-performance-and-outlook-january-2025
4https://www.itu.int/epublications/publication/global-cybersecurity-index-2024
5https://www.sabric.co.za/media/vjyn5f4d/sabric-annual-crime-stats-2023-2.pdf
