Do cybersecurity agencies make any difference?

CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.

HIGHLIGHTS

Do cybersecurity agencies make any difference?

Yes, cybersecurity is important, and Africa is especially lacking in it. One of the ways governments are trying to solve this is by centralising cybersecurity under a single national authority. They can dedicate a government parastatal with the mandate, budget, and political backing to coordinate what is otherwise a scattered patchwork of telecom regulators, central banks, and police cybercrime units. 

You can do this by consolidating existing CERTs and regulatory functions under one roof, or, as Kenya, Morocco, and Algeria have done in the past week, create a new agency to own the problem.

Kenya's cabinet approved the proposal in late 2025, and on May 15, 2026, President William Ruto signed the National Cybersecurity Agency Order, establishing the NCSA as an autonomous body under the State Corporations Act. Parliament approved it on June 22. The agency absorbs functions previously scattered across the Communications Authority, the ICT ministry, and security agencies, and it will run the National Cybersecurity Operations Centre, audit critical infrastructure, and build a "Cybersecurity Centre of Excellence" to address the country's skills gap. The government is putting roughly $31 million (Ksh4 billion) behind it.

Kenya's Communications Authority recorded roughly 3.37 billion cyber threat events between January and March 2026 alone, and 12.5 billion across all of 2025, a 247% jump from the year before. Morocco recorded over 20.7 million cyberattack attempts in just the first half of 2025, according to telemetry shared at the KNext Rabat conference, including 879 confirmed incidents and 109 classified as critical, hitting finance, telecoms, and public administration. Algeria, for its part, recorded more than 70 million cyberattacks in 2024 alone, ranking 17th globally among most-targeted nations.

In theory, the goal of a national cybersecurity agency is to serve as the country's central technical authority for detecting and responding to digital threats, function as a kind of government cybersecurity intelligence unit feeding threat data back into policy, and shape the laws and regulations that govern how both public and private digital infrastructure gets protected.

The United States' CISA pools threat intelligence across government and industry, and StopRansomware.gov, a clearinghouse of joint advisories with the FBI, NSA, and international partners, that have repeatedly helped organisations identify and block specific ransomware strains (Interlock, Medusa, Play, Ghost) before they spread further.

The UK's National Cyber Security Centre (NCSC), part of GCHQ, in its 2025 Annual Review (covering September 2024 to August 2025), the NCSC handled 429 incidents requiring direct support, of which 204

The Nigerian Computer Emergency Response Team (ngCERT) was established in 2015 under the Cybercrime (Prohibition, Prevention, etc.) Act, with the Office of the National Security Adviser holding overall policy responsibility and NITDA running a dedicated Cybersecurity Department. By its example, these agencies are notorious for going quiet after the launch while the country's underlying cybersecurity exposure barely moves, and budgets keep flowing toward the new institution.

Ghana, Cyber Security Authority (CSA), established under the Cybersecurity Act, 2020, is a clear example of how much these agencies can effect, having led historic documentation efforts, policy drives, and technical defence. Yet, financial damage has kept climbing. The CSA's own data shows Ghana lost GH¢23.3 million to cybercrime in 2024, then GH¢14.9 million in just the first half of 2025 (a 17% year-on-year jump), pushing the 18-month total past GH¢38 million. By the end of September 2025, losses for the year alone had crossed GH¢19 million, again a 17% increase on the same period in 2024. Reported incidents rose from 1,317 in the first half of 2024 to 2,008 in the first half of 2025. 

FEATURE

• Why South Africa’s banks are becoming telecom companies

HEADLINE

• Namibia block Starlink operation after rejecting 624 appeal over ownership rule

• Rwanda extend ID for refugees

• Cybersecurity disaster: South Africa warned over major database leak

• Eswatini expands digital inclusion with distribution of smartphones and assistive learning devices

• Kenya reports three billion cyberattacks in three months with Nairobi leading in number of cases

• Ghana among Africa’s main BEC hubs as cyber losses rise

• Nigeria’s Central Bank orders banks, fintechs to store payment data locally

• Angolan authority levies $617,000 in fines for regulatory breaches

• Telecom Egypt, NTRA and AASTMT launch cybersecurity innovation lab in Egypt

• Algerian man arrested, extradited to the United States for his role in black market fraud conspiracy that targeted thousands of victims

• Algeria Launches sectoral cyber incident response center to strengthen digital resilience

• Namibia and Algeria exit FATF’s ‘Grey List’ - will Cote d’Ivoire, Kenya, or DRC be next?

• Somalia takes part in islamic data protection network meeting in Turkey

• Burundi studies india stack for digital identity and payment reforms

ACROSS THE WORLD

• Guardian Agents: The next layer of identity governance

• Russia accuses Apple of ‘political censorship’ after VK apps removed from App Store