In 2025, the state of Information Security (InfoSec) across Africa—and especially in East Africa—is both promising and precarious. While governments and businesses are making strides in digital transformation, the cybersecurity landscape is evolving just as fast, and sometimes faster.
The Good News
I can say that Kenya has made significant progress with the Data Protection Act (2019) and the active role of the Office of the Data Protection Commissioner (ODPC) with organizations like Safaricom having implemented AI-driven security to protect platforms like M-Pesa from ransomware and fraud. Across the continent, there’s also growing awareness of data sovereignty, with more countries enforcing local data storage and compliance laws in line with the Malabo Convention for the countries that have adopted it.
The Challenges
Despite the tangible success, challenges are still inevitable. Incidents of ransomware and digital extortion are on the rise, targeting critical infrastructure like healthcare, finance, and utilities. The advent of AI-powered attacks are also becoming more sophisticated, making phishing and social engineering harder to detect. There are also concerns regarding terrorist groups exploiting encrypted platforms and mobile money systems to fund and coordinate operations, especially in Eastern Africa.
What Needs Work
With the above successes and challenges, there are concerns across many quarters that many organizations still lack incident response plans and cybersecurity training. Therefore, there’s a need for regional collaboration to combat cross-border threats and harmonize InfoSec policies. Investment in local cybersecurity talent and infrastructure is essential to keep pace with global threats.
Moving Forward
In a nutshell, InfoSec is no longer just an IT issue—it’s a national security, economic, and human rights concern. The path forward requires:
- Stronger public-private partnerships
- Smarter regulatory frameworks
- Inclusive digital literacy programs
Africa is not behind—it’s in motion. But staying ahead means treating cybersecurity as a shared responsibility.
No Responses