Cybercrime is a growing threat in Africa, accounting for nearly a third of all crime in some regions. And the scale and scope of attacks is rising. Hackers increasingly weaponize cyberattacks against corporations and public infrastructure, rather than simply stealing personal data from individuals.
A recent report by Interpol concludes that cybercrimes make up 30% of all crime in West and East Africa, based on a survey of the international law enforcement agency’s African members. The survey determined that cybercrimes make up 10% to 30% of crimes in Southern and Central Africa and less than 10% in North Africa.
“Cybersecurity is not merely a technical issue; it has become a fundamental pillar of stability, peace, and sustainable development in Africa,” Ambassador Jalel Chelba, acting executive director of Afripol, said in a statement. “It directly concerns the digital sovereignty of states, the resilience of our institutions, citizen trust and the proper functioning of our economies.”
Across Africa, an estimated 320 million people use the internet — a number that is expected to reach 500 million by 2030. That number continues to expand thanks largely to the proliferation of mobile technology. That growth has outpaced the laws and education needed to protect people and institutions from online attacks.
Online scam notifications were 30 times higher last year than the year before in some parts of Africa. Africa’s most-online countries, including Egypt, Kenya, Morocco, Nigeria and South Africa, also are the countries cybercriminals target most frequently.
In recent years, cybercriminals have shifted some of their attention away from stealing personal information through targeted scams such as phishing and focused on attacking government agencies, critical infrastructure and corporations. For example:
- The Kenya Urban Roads Agency experienced a ransomware attack in July 2024 during which the attackers stole personal information and financial records.
- An attack against Nigeria’s National Bureau of Statistics in late 2024 shut down the agency’s website for three weeks and prompted it to invest in better cybersecurity.
- That same year, hackers invaded South Africa’s National Health Laboratory System, disrupting the country’s public health system. The agency developed plans to train its staff on cybersecurity measures.
- South African energy company Eskom has been the target of repeated cyberattacks along with Johannesburg’s electric company. Analysts expect threats to increase as private power companies enter the market.
Malicious actors also have targeted African companies with malware as a form of corporate espionage, analysts say. Iranian hackers, for example, targeted telecommunications companies in Egypt, Sudan and Tanzania in 2023, possibly to spy on the companies’ operations or to lay the groundwork for a denial-of-service attack, according to reports.
According to Richard Frost, head of technology and innovation at Johannesburg-based Armata Cyber Security, companies also are hiring hackers to infiltrate their competition. In the process, those same companies will have the hackers infiltrate their own system to avoid suspicion, Frost added, writing for Independent Online, a South African news website.
“Organizations need to pay attention to these threats, recognizing that they are introducing complex new ways of affecting business and reputations,” Frost wrote.
Although African countries are improving their tools to fight cybercrime, the Interpol report notes that more work remains. For example, better cross-border cooperation is needed to fight crimes that routinely ignore national borders.
Countries also need to improve their ability to report cyberattacks, secure evidence of those attacks and build intelligence databases from information gathered after attacks. Less than one-third of the countries reporting cybercrime data do any of those things, according to Interpol.
“Despite rising caseloads, most African member countries surveyed still lack essential IT infrastructure to combat cybercrime,” the Interpol analysts wrote.