
Tuesday 24 June 2025

Opinion

Keeping East Africa cyber secure

22 May, 2025
East Africa’s digital boom has brought essential financial and monetary services to millions, but it has also exposed the region to growing cyber risks.

Cybersecurity threats are surging across the globe, increasing both in frequency and severity. According to Check Point Research’s Q3 2024 Cyber Attack Trends report, organisations worldwide faced an average of 1,876 cyberattacks per week—a staggering 75% increase compared to the previous year. The situation is even more alarming in Africa, where the weekly average soared to 3,370 attacks, marking a 90% year-on-year rise and positioning the continent as the most targeted region globally. State-sponsored cyber warfare, organised crime syndicates, and ideologically driven hacktivist groups have turned cyberspace into a new domain of conflict and disruption. Institutions of all sizes—from local governments to multinational corporations—are increasingly falling prey to sophisticated, multi-vector cyberattacks. 

At the heart of this escalation lies the growing role of artificial intelligence (AI). While AI offers powerful tools for defending networks, it also enables cybercriminals to automate attacks, scale operations, and evade detection. Deepfake technology is now used in spear-phishing campaigns, while AI-powered malware can adapt in real time to overcome firewalls and intrusion detection systems. The World Economic Forum’s 2025 Global Cybersecurity Outlook warns that the misuse of AI will be one of the top five risk multipliers for global cybersecurity over the next decade. 

This global trend has particularly alarming implications for regions with fragile digital infrastructures. In countries like Somalia and Somaliland, where cybersecurity policies remain underdeveloped and technical capacity is low, the weaponisation of AI amplifies existing vulnerabilities. The same tools that bolster innovation in high-tech economies can become instruments of destabilisation in places where governance, regulation, and defence mechanisms have yet to mature. As AI tools become more accessible, the threshold for launching a devastating cyberattack continues to fall, putting countries like Somalia at unprecedented risk. 

East Africa's digital leap and the cybersecurity gap 

East Africa is undergoing a rapid digital transformation. Mobile cash, online banking, and e-government services are now integral to everyday life. However, this technological acceleration has outpaced the region’s ability to secure its digital infrastructure, exposing governments, banks, and millions of citizens to escalating cyber risks. 

In March 2024, Ethiopia’s largest financial institution, the Commercial Bank of Ethiopia (CBE), experienced a catastrophic technical fault that allowed thousands of customers—many of them university students—to withdraw funds far exceeding their account balances. Within hours, tens of millions of Ethiopian birr were funnelled out of ATMs and into personal accounts. Initial reports estimated the total loss at around $42 million; however, CBE officials later clarified that the actual amount withdrawn was approximately $14 million. According to the Central Bank of Ethiopia, the disruption occurred during a routine system update and inspection, which led to a mismatch in the logical flow of the digital banking system. Still, questions persist as to whether the incident was purely the result of internal failures or if malicious cyber interference may have played a role. 

Kenya, often hailed as a leader in East African digital innovation, has found itself equally vulnerable. Platforms like M-PESA and eCitizen have revolutionised financial and public services—but their prominence also makes them prime targets. According to a report from the Communications Authority of Kenya, the country recorded a staggering 860 million cyber threat events between October and December 2024—an all-time high. These incidents primarily targeted government agencies, financial institutions, and key digital infrastructure. 

The most significant breach came in July 2023, when the hacktivist group “Anonymous Sudan” launched a widespread DDoS attack affecting M-PESA, eCitizen, train ticketing, and power token platforms. Given that a remarkable 59% of Kenya’s GDP flows through M-PESA, even brief outages have far-reaching economic implications. The platform’s central role in facilitating daily financial transactions means any disruption not only stalls commerce but also undermines public confidence in the nation’s digital infrastructure. 

The political motives behind the attack—linked to Kenya's foreign policy—underscored the growing intersection of geopolitics and cyberwarfare. The group expressed opposition to any foreign involvement in Sudan’s internal affairs, and its actions were reportedly prompted by Kenya’s hosting of Rapid Support Forces (RSF) representatives amid the Sudanese conflict. The incident exposed significant vulnerabilities in Kenya’s digital ecosystem and highlighted the pressing need for a robust, coordinated national cybersecurity response. 

In March 2024, two Sudanese nationals, brothers Ahmed and Alaa Omer, were arrested and charged by the US Department of Justice with operating and managing Anonymous Sudan. 

Rwanda’s I&M Bank faced a similar wake-up call in 2023, when cybercriminals breached the bank’s SWIFT system, siphoning off more than $10 million through unauthorised transfers. The use of forged documentation and international fund routing highlights the increasing sophistication of attackers targeting East African institutions. For Rwanda—a country positioning itself as a regional financial hub—the incident was a stark reminder of the importance of both preventive measures and incident response protocols. 

Uganda’s cybersecurity threats are no less significant. While it has not suffered headline-grabbing attacks in recent months, insider sources report rising concerns over ransomware, phishing, and persistent intrusion attempts. A particularly damaging breach occurred in 2020, when hackers compromised Pegasus Technologies, which processes mobile money transactions for telecom giants MTN and Airtel. The attackers facilitated the fraudulent transfer of $3.2 million via more than 2,000 SIM cards. The breach temporarily crippled mobile money services and revealed deep flaws in Uganda’s digital infrastructure. 

Together, the experiences of Kenya, Rwanda, and Uganda reveal a shared reality: while East Africa is surging ahead in digital innovation and making citizens dependent on digital services, its cybersecurity posture remains dangerously weak. The gap between technological advancement and protective frameworks is widening, making regional coordination and investment in cybersecurity capacity more urgent than ever. 

Somalia and Somaliland: fragile systems in grave peril 

While countries such as Ethiopia, Kenya, Rwanda, and Uganda contend with the mounting effects of cyberattacks, Somalia and Somaliland face an even steeper challenge: mitigating these threats amid limited regulatory frameworks and weak technical defences. 

Mobile money has become integral to daily life in both Somalia and Somaliland. Platforms such as Zaad and EVC Plus have largely supplanted cash, with over 70% of the population relying on mobile wallets for everyday transactions—including shopping, paying school fees and utility bills, and even accessing government services. The rollout of interoperability between mobile money services and traditional bank accounts in 2024 has only deepened this digital integration. 

Despite this rapid digital adoption, Somalia continues to operate without a national cybersecurity policy. No specialised government agency has a clearly defined mandate or the capacity to implement and enforce baseline digital security standards. The private telecommunications companies that dominate the mobile money sector operate under minimal regulatory oversight, raising concerns about the coherence and preparedness of cybersecurity efforts across the industry. 

The National Communications Authority (NCA), a relatively new regulatory body, has outlined ambitious objectives for its Cybersecurity Department on its official platforms. Among its stated roles are overseeing the Somalia Computer Emergency Response Team (SomCERT/CC), detecting and responding to cyber threats, certifying IT product security, drafting cybersecurity regulations, and representing Somalia in international cybersecurity forums. 

While these objectives signal a move towards alignment with global cybersecurity norms, little is known about the department’s actual operational capacity or technical infrastructure. In practice, there is scant evidence of effective enforcement, cross-sector coordination, or the kind of rapid incident response mechanisms required to counter serious cyber threats. Somalia also faces persistent challenges, including a shortage of skilled professionals, low public awareness, and fragmented institutional oversight. The establishment of a national CERT is a promising step, but significant gaps remain between the NCA’s stated ambitions and its demonstrated capabilities. 

In neighbouring Somaliland, progress has taken a more legislative route. In November 2024, the Ministry of Information and Communication Technology, together with the Subcommittee on General Affairs and Technology, submitted a draft Cybersecurity and Cybercrime Bill to the House of Representatives. The bill proposes the creation of a national cybersecurity centre, a dedicated incident response team, and a regulatory framework to guide cybersecurity practices and codes of conduct. 

However, during a parliamentary session in December 2024, the Speaker of the House, Yasin Haji Mohamoud, emphasised the need—at the request of several Members of Parliament—for expert technical input to fully understand the implications of the proposed legislation. As a result, deliberations were postponed to allow for more comprehensive consultations. This delay underscores a broader challenge: without the technical expertise, funding, and institutional capacity to implement such laws, legislative progress risks stalling at the proposal stage. 

As both Somalia and Somaliland undergo accelerated digital transformation, the urgency of cybersecurity readiness has never been greater. While Somaliland has at least initiated foundational legal steps—albeit not yet enacted—building a functional and resilient cybersecurity infrastructure will require more than drafted policies. It will demand long-term investment in capacity-building, public education, and cross-sector coordination. 

The risk of a large-scale cyberattack is not hypothetical. Disruption to mobile money systems could paralyse commerce, destabilise public services, and erode public trust in digital platforms. For societies emerging from decades of conflict, such an event could reverse hard-won gains in economic and social development—and further entrench existing insecurities.