More than two-fifths (41%) of the world’s major ransomware attacks target African organisations, despite the continent suffering a digital infrastructure deficit when compared to the developed world.
This is according to the Check Point 2025 African Perspectives on Cyber Security report, released earlier this week, which found that AI is helping drive faster and more targeted cyberattacks across Africa.
“Africa’s digital economy continues to accelerate. Payments, citizen services, education and connectivity are scaling at pace, and with that growth comes a broader attack surface,” said Lorna Hardie, regional director for Africa at Check Point Software Technologies.
“In 2025, the story is not only the volume of threats but their speed and precision. Social engineering is amplified by generative AI, identity is the new perimeter and supply chains, from cloud to last mile connectivity, are firmly in scope.”
The report draws on data from Check Point Research, the global threat intelligence division of Check Point, and combines telemetry from a variety of the company’s cloud-based AI security modules. According to the company, these systems analyse over 200 billion indicators daily. The data is sourced between January and September 2025 across all 54 African countries including South Africa, Nigeria, Kenya, Morocco and Egypt.
Despite a 6.4% year-on-year decline, the average of 3 153 weekly cyberattacks per African organisation over the period is still nearly double the global average of 1 963, suggesting African cybersecurity personnel are under more pressure than their international counterparts.
Attack vector
At 77%, information disclosure attacks remain the primary exploit class, largely due to misconfigurations, especially in the cloud environment, leading to important data being exposed. E-mail remains the primary attack vector, with 80% of successful attacks emanating from an e-mail. Ethiopia, Mauritius, Zimbabwe, Uganda and Ghana are most affected while Russia, Iran, China and Nigeria were identified as the most common nations of attacker origin.
Check Point argued that since Africa is coming from a lower base, being in a “digital infrastructure deficit” compared to the developed world, its rapid rate of digitisation is outpacing the speed at which organisations can mature their cybersecurity capabilities. This is leading to higher rates of exposure that criminals are using advanced AI tools to exploit.
Read: Study confirms South Africans love weak passwords almost as much as boerewors
Check Point’s main observations about Africa’s cybersecurity landscape are:
- The acceleration gap: Africa’s digital growth continues to outpace security maturity, creating opportunities for identity-led intrusions.
- AI as a double-edged sword: Generative and agentic AI amplify both attack capability and defensive potential.
- Critical infrastructure under pressure: Operational technology and IoT networks in energy, telecoms and public services face persistent targeted attacks.
- Partnerships drive resilience: Managed security service providers and channel ecosystems are now essential to closing the regional skills and response gap.
- Regulation and trust converge: The EU’s National and Information Security Directive (NIS2) and other national frameworks are reshaping governance and raising market-access expectations.
Hardie described an AI arms race between hackers who adopt AI to make their attacks faster and more targeted, and organisations such as businesses and governments whose AI adoption is partly spurred on by the need to defend their systems from rogues using equally powerful technology. She warned, however, that siloed approaches to AI-driven cybersecurity may not be enough to keep cyberthreats at bay.
“We believe Africa can leapfrog traditional cybersecurity models by embracing a prevention-first, AI-driven and collaborative approach. The path forward depends on shared responsibility – between public and private sectors, between nations and their partners,” said Hardie.
The EU’s NIS2 directive is another factor incentivising African organisations to adopt a stronger cybersecurity posture. The directive imposes a set of minimum cybersecurity standards on organisations within the EU and their trading partners, meaning African organisations that are below par could lose valuable access to trade stemming from the region.
Read: AI-led digital banking fraud is surging in South Africa
“The EU remains Africa’s top trading partner. Any supplier touching European value chains, from energy and transport to manufacturing, financial services, healthcare, agriculture and digital infrastructure, will increasingly be asked to show NIS2-aligned controls. Non-compliance risks delayed tenders, lost contracts and heightened audit scrutiny,” said Hardie. – © 2025 NewsCentral Media
Get breaking news from TechCentral on WhatsApp. Sign up here.
