By Garith Peck, Managing Executive: Cloud & Cybersecurity at BCX

As digital transformation accelerates across Africa and South Africa, cybersecurity has become a critical concern for governments, businesses, and individuals. The growing adoption of new technologies and the evolving sophistication of cyber threats necessitate proactive and future-proof security measures.

Below, we explore key cybersecurity trends for 2025, highlighting their impact on businesses in Africa, along with notable examples of cybersecurity adoption and the challenges faced by businesses in the continent, including how these trends affect specific sectors.

1. Rise of ransomware and digital extortion

Ransomware attacks are on the rise across Africa, with cybercriminals increasingly targeting businesses, government institutions, and critical infrastructure. These attacks often demand large ransoms to restore access to critical data, and in some cases, attackers may also steal data and threaten to leak it. Sectors such as healthcare, finance, utilities, and manufacturing are high-value targets for these types of attacks.

Safaricom in Kenya, one of the largest telecom operators, has implemented advanced AI-driven cybersecurity measures to protect its mobile money platform, M-Pesa, which serves millions of users. These measures help safeguard financial transactions from ransomware and other cyber threats. Similarly, in South Africa, Eskom, the country's largest energy supplier, has invested in robust cybersecurity strategies to protect its critical infrastructure from ransomware attacks and other forms of cyber extortion.

As these threats evolve, businesses must invest in resilient cybersecurity infrastructure, disaster recovery plans, and rapid incident response strategies to mitigate the impact of these increasingly sophisticated attacks.

2. AI-driven cybersecurity

Artificial intelligence (AI) will play a critical role in shaping cybersecurity for 2025. While AI enhances threat detection, vulnerability identification, and automated responses, it also presents a challenge as cybercriminals use the same technologies to create more sophisticated attacks. AI-driven phishing, deepfake fraud, and social engineering tactics are expected to become increasingly difficult to detect, leading to more significant data breaches and fraud incidents.

In South Africa, organisations such as Standard Bank are already leveraging AI-powered threat detection systems to safeguard their digital banking services. These systems are designed to detect abnormal behaviour and prevent attacks before they can cause harm. In Africa, the rise of AI-driven attacks, including deepfakes and automated phishing, will require businesses to adopt AI-powered security tools to stay ahead of the evolving threat landscape.

In the public sector, AI is used to enhance threat detection and response capabilities. For example, South Africa’s government is investing in AI systems to improve the resilience of public services against cyber threats. As digital transformation continues, these systems are crucial for detecting and mitigating attacks swiftly. Similarly, AI will help optimise infrastructure development and urban planning in Africa, making it imperative for governments to prioritise AI-driven cybersecurity tools to protect sensitive data.

3. Zero Trust security models: trust no one, verify everything

With the rise of remote and hybrid work environments across Africa, the Zero Trust security model, where access requests are continuously verified, will gain more prominence in 2025. Zero Trust ensures that no user or device is trusted by default, and each access request is verified based on user identity, device health, and access permissions.

For example, the South African Revenue Service (SARS) has adopted a Zero Trust architecture to protect sensitive taxpayer information. This approach ensures that every request to access or process data is verified, reducing the risk of internal and external breaches. Similarly, as businesses face increasing cybersecurity challenges, adopting Zero Trust will become essential to securing their networks and data.

In the retail sector, AI-driven Zero Trust security models will be essential in protecting sensitive customer information from cybercriminals. As e-commerce platforms continue to grow, companies will need to ensure that each user, transaction, and device is thoroughly verified to safeguard data. In financial services, Zero Trust will become critical for preventing fraud, ensuring that only trusted devices and users are allowed access to financial services and sensitive customer data.

4. Quantum-resistant cryptography

As quantum computing evolves, it presents a potential risk to traditional encryption methods. Many businesses, particularly those in sectors like finance and healthcare, rely on cryptography to protect sensitive personal and financial data. The development of quantum-resistant encryption methods will become increasingly important as businesses look to future-proof their security strategies.

Forward-thinking organisations will need to begin preparing for the transition to quantum-safe algorithms to safeguard their data long after quantum computing becomes mainstream.

This is a critical step for industries handling highly sensitive information, such as banking, telecommunications, and healthcare.

The healthcare industry will be particularly affected by this trend. AI in diagnostics and patient care relies heavily on the security of sensitive health data. Implementing quantum-resistant encryption will protect patient records and ensure that data remains secure even as quantum computing evolves. Similarly, manufacturing sectors focusing on industrial IoT and AI-driven supply chains will need to adopt quantum-resistant encryption to secure their operations.

5. Business Email Compromise (BEC) and phishing scams

Business Email Compromise (BEC) and phishing attacks remain significant threats. Cybercriminals use sophisticated tactics to impersonate trusted individuals, tricking employees into transferring funds or revealing sensitive information. These scams are particularly prevalent in large organisations and government sectors, where communication and trust are pivotal.

In South Africa, a leading bank has implemented AI-driven cybersecurity measures to counter such attacks, ensuring that their financial transactions and sensitive customer data remain protected. Across Africa, social media platforms are also becoming a popular vector for phishing campaigns, with cybercriminals using these platforms to distribute malicious links and steal personal information. Businesses must continue to enhance their security posture to prevent these attacks and educate employees on how to recognise and avoid phishing scams.

In the financial services industry, BEC and phishing scams are a major concern, with cybercriminals attempting to steal sensitive customer data or manipulate employees into transferring funds. The implementation of AI-driven fraud detection systems can help financial institutions protect their customers and prevent financial losses. In retail, AI analytics will also be crucial for identifying fraudulent activities before they lead to significant financial damage.

6. Third-party risk management

The interconnectedness of today’s business ecosystem means that third-party vendors pose a significant risk to cybersecurity. Cybercriminals increasingly target the supply chain, and a breach in a third-party system can have devastating consequences for an organisation. In 2025, businesses must focus on third-party risk management, ensuring that their vendors and partners meet stringent cybersecurity standards.

Kenya’s Safaricom and South Africa’s Standard Bank provide excellent examples of organisations that have prioritised third-party risk management. Both companies work. For the mining sector, third-party risk management is crucial to prevent disruptions in operations, especially as mining companies adopt AI-driven remote monitoring and predictive maintenance systems. Ensuring that third-party providers also meet stringent security standards will help avoid supply chain disruptions. In manufacturing, third-party risk management becomes essential for securing smart factory systems, especially as AI and IoT technologies become more integrated into production processes.

7. Human-Centric Security

Despite the growing sophistication of cybersecurity technologies, human error remains one of the biggest vulnerabilities in any security system. As cyber threats become more advanced, organisations will focus more on human-centric security, emphasising employee training and awareness to mitigate risks such as phishing and weak password practices.

The shortage of skilled cybersecurity professionals in South Africa and other parts of Africa further exacerbates the challenge of securing organisations against human error. To address this, companies must invest in continuous employee training, providing resources to help workers identify and avoid common social engineering tactics. By fostering a culture of security, where every employee plays a role in protecting the organisation's assets, businesses can significantly reduce their exposure to cybersecurity risks.

In the public sector, human-centric security will be critical to ensuring that government employees and contractors are well-trained to recognise and prevent phishing attacks, especially as AI-driven systems become more prevalent in public service delivery. Similarly, the healthcare sector will need to focus on training staff to securely handle patient data and protect against social engineering attacks, ensuring the privacy of health records remains intact.

8. Challenges in implementing cybersecurity measures
1. Limited resources: Many organisations across Africa face financial constraints, making it difficult for them to invest in advanced cybersecurity tools and hire qualified professionals. Smaller businesses, in particular, struggle to implement comprehensive security measures due to budget limitations.
2. Evolving threat landscape: Cybercriminals are continuously adapting their tactics, necessitating ongoing investment in updated security technologies and employee training. This rapid evolution of threats presents a significant challenge for businesses looking to stay one step ahead.
3. Regulatory compliance: As regulatory frameworks like the Protection of Personal Information Act (POPIA) in South Africa become more stringent, organisations must ensure compliance with evolving data protection laws. Navigating these complex requirements can be both resource-intensive and costly.
4. Skills gap: The shortage of qualified cybersecurity professionals remains one of the most significant barriers to effective cybersecurity implementation. Without enough skilled experts, organisations are vulnerable to cyberattacks.

Cybersecurity is an urgent concern for organisations across Africa as they face a rapidly evolving threat landscape. From the rise of ransomware and digital extortion to the adoption of AI-driven security tools and Zero Trust models, businesses must remain proactive in securing their digital infrastructure. The integration of quantum-resistant cryptography and a focus on third-party risk management will also play a critical role in safeguarding data.

Despite the challenges—such as limited resources, a skills gap, and regulatory complexity—organisations can enhance their cybersecurity posture by leveraging advanced technologies, fostering a security-focused culture, and collaborating with trusted cybersecurity partners. By staying ahead of these emerging trends, businesses across Africa and South Africa can ensure they are not only secure but also resilient in the face of evolving cyber threats.