Africa's financial systems are going digital faster than they can be secured

inside: Safaricom legal battles and other headlines across African infosec

Author

CybAfrique Media
May 16, 2026

CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.

HIGHLIGHTS

Africa's financial systems are going digital faster than they can be secured

At a recent cybersecurity and financial systems summit in Dakar, African regulators and central bank officials discussed a growing concern: the continent’s financial infrastructure is expanding faster than its ability to secure it. The warning cut across countries, including Botswana, Togo, and Tunisia, where officials acknowledged gaps in banking cybersecurity, regulatory readiness, and digital asset oversight.

Data presented by Boston Consulting Group suggests a widening gap between investment in financial cybersecurity and institutional readiness. While global banks now allocate tens of billions of dollars annually to cybersecurity, African banks continue to lag on cyber maturity benchmarks, averaging around 2 out of 5 compared to a global average of 3.4. The same analysis highlights structural weaknesses in banking infrastructure, including legacy systems and limited adoption of modern authentication technologies.

Across the continent, regulators say the challenge is no longer just about individual attacks, but about system readiness. In the Democratic Republic of Congo, Central Bank Governor André Wameso noted that the role of Chief Information Security Officer did not previously exist within the central bank, underscoring institutional gaps in cybersecurity governance.

He also raised concerns about the rapid rise of cryptocurrency use in the country, where millions of users reportedly access Bitcoin through telecom-linked wallets outside formal regulatory systems. At present, only a small number of African countries have established formal legal frameworks for virtual assets, leaving regulators struggling to define oversight boundaries. 

The Deputy Governor of the Central Bank of Tunisia called on the IMF and the BIS to accelerate global standards for crypto-asset reporting and statistical frameworks, citing growing regulatory fragmentation. 

Kealeboga Masalila, Deputy Governor of the Bank of Botswana, said cybersecurity governance should be formally integrated into prudential supervision frameworks. He added that oversight should extend beyond technical security teams to include boards, senior management, and third-party providers such as fintech companies and telecom operators. 

Safaricom legal battles

Kenya’s Safaricom has faced legal and regulatory scrutiny across both intellectual property and data protection domains. 

In one case, the company was found liable for copyright infringement relating to the M-Teen Mobile Wallet system, following claims by developer Peter Nthei Muoki and Beluga Ltd that elements of the design behind M-Pesa’s teen product were copied. The court reportedly awarded damages of approximately KSh 1.4 billion, with further discussions on royalties linked to M-Pesa revenues. Safaricom has disputed the claims, arguing that the product was independently developed.

In a separate matter, the company acknowledged processing data belonging to a former employee but argued it was done under lawful grounds, including fraud prevention, internal investigations, and compliance.

The case sits within Kenya’s Data Protection Act (2019), which requires that personal data processing remain lawful, limited in scope, and purpose-bound, even after employment ends.

FEATURES

HEADLINES

ACROSS THE WORLD

See you next week.

Reply

or to participate.