A new BCG report reveals that nearly 60% of African firms have been targeted by AI-enabled cyberattacks, yet only 3% have increased security budgets—exposing a dangerous gap in the continent’s digital armor.
African businesses are finding themselves on the losing side of a rapidly escalating digital arms race. As artificial intelligence transforms cybercrime into a more sophisticated, scalable threat, companies across the continent are struggling to mount adequate defenses, according to a stark new report from Boston Consulting Group.
The study, titled AI Is Raising the Stakes in Cybersecurity, surveyed 500 senior leaders globally, including 50 from Africa, and uncovered a troubling reality: almost 60% of African companies believe they experienced an AI-powered cyberattack in the past year, yet only half prioritize using AI to improve their cyber defenses. Even more concerning, only 29% of African firms have advanced AI cyber defense capabilities.
The New Face of Cybercrime
Artificial intelligence is fundamentally changing how cyberattacks are executed. Attackers are now utilizing AI for everything from hyper-realistic phishing and voice cloning to deepfake video fraud and adaptive malware. These tools allow criminals to operate at what experts call “machine speed”—launching attacks faster and more convincingly than ever before.
The BCG report documents several high-profile incidents that illustrate the devastating potential of AI-enhanced cybercrime. A $25 million fraud incident at a multinational engineering firm was triggered by a deepfake video call impersonating the CFO. In another case, an AI-generated robocall campaign led to a $1 million regulatory fine. Healthcare systems have also been targeted, with ransomware attacks encrypting hospital systems and delaying surgeries.
“AI is enabling a new era of cyber threats that are faster, more deceptive, and infinitely more scalable—and African businesses are already feeling the impact,” said Hamid Maher, Managing Director and Senior Partner at BCG Casablanca and Head of BCG’s Tech Hub in Africa. He warned that the gap between the speed of attackers and the tools defenders use is creating an exposure level the continent can no longer afford.
A Continent Falling Behind
Despite the rising threat level, corporate response across Africa has been sluggish. The numbers paint a concerning picture:
- Only 3% of African companies have significantly increased their cybersecurity budgets due to AI, compared to 5% globally
- 82% of African companies report difficulty hiring AI-cybersecurity talent, substantially higher than the global average of 69%
- Less than 30% of AI-enabled defense tools are considered advanced by African organizations
- Only 7% of global organizations have deployed AI-enabled defense tools, though 88% plan to do so
The talent shortage is particularly acute. With more than eight in ten African firms struggling to find qualified AI security professionals, many organizations are forced to rely on outdated defensive systems against cutting-edge threats.
“While attackers are evolving with AI, most organisations across Africa are still relying on outdated tools and underfunded strategies,” said Hakim Hamane, Managing Director at BCG Platinion Casablanca. He emphasized that when 82% of companies struggle to hire AI-security talent, the continent’s cybersecurity posture must shift from reactive to truly future-ready.
The Threats Ahead
Looking forward, executives across Africa identified their top cybersecurity concerns for the next two years:
- AI-enabled financial fraud (43%)
- AI-powered social engineering (39%)
- Attackers using AI to accelerate vulnerability discovery (28%)
- AI-powered malware that learns and adapts to bypass defenses (26%)
The healthcare and government sectors are considered among the most vulnerable, according to the BCG analysis. As African nations accelerate their digital transformation initiatives, the attack surface continues to expand, creating additional points of vulnerability.
A Call for Leadership and Action
BCG’s report emphasizes that closing the defense gap will require coordinated leadership at the highest levels. The consulting firm recommends a dual approach: CEOs must prioritize cybersecurity and AI at the board level, while Chief Information Security Officers accelerate deployment of high-impact, AI-enabled defense systems.
Specific recommendations include:
- Establishing board-backed AI-cyber mandates with appropriate funding
- Deploying AI defenses where they can most effectively reduce risk
- Securing the AI systems organizations are building
- Building cyber agility through multi-vendor architecture
“The era of passive cyber defense is over. Attackers are moving at machine speed,” said Vanessa Lyon, Global Director of BCG’s Centre for Leadership in Cyber Strategy and co-author of the report. She argued that the only winning strategy is to meet autonomy with autonomy, through intelligence, leadership, and commitment.
A Digital Crossroads
Africa stands at a critical juncture in its digital evolution. The continent’s rapid technological advancement and growing digital economy make it an attractive target for cybercriminals, yet the infrastructure to defend against sophisticated AI-powered attacks remains underdeveloped.
The stakes extend beyond individual companies. Successful cyberattacks can disrupt critical infrastructure, compromise sensitive government data, undermine financial systems, and erode public trust in digital services—all of which could slow the continent’s economic progress.
As African businesses navigate this treacherous landscape, the BCG report serves as both a warning and a roadmap. The question is no longer whether to invest in AI-powered cybersecurity, but how quickly organizations can mobilize resources, attract talent, and deploy advanced defenses before the next wave of attacks strikes.
“This is the moment when organisations decide whether they will shape the AI-cyber landscape or be shaped by it,” Lyon concluded—a stark reminder that in the age of AI-powered cybercrime, standing still is not an option.
This article is based on Boston Consulting Group’s report “AI Is Raising the Stakes in Cybersecurity,” released in January 2026.
