What defined African infosec in 2025?

And what to look out for in 2026. Part 1: Digital access

CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.

Foreword

Hi, Muhammed here.

I work remotely from Nigeria. Most days, that means my ability to earn a living, collaborate, publish, and even think clearly is tied to something as fragile as a blinking router light. Over the last few years, Internet access has stopped being a convenience for me and many others like me. When it works, life moves. When it doesn't, everything stalls.

In 2025, that fragility became harder to ignore.

On one hand, connectivity expanded. Satellite Internet, like Starlink, filled gaps that terrestrial networks could not, in rural areas, conflict zones, and places where fibre cuts or poor coverage made "reliable Internet" a joke. For freelancers, journalists, aid workers, and small businesses, these technologies kept people online when they would otherwise be cut off entirely.

On the other hand, the same year reminded us that access is never neutral. Governments across Africa continued to treat the Internet as a switch they could flip at any time — during elections, protests, exams, or conflict. 

What struck me most is how uneven this landscape has become. While some of us are debating latency improvements and redundancy, others are dealing with total blackouts. While satellite Internet, like Starlink, promises resilience, it also introduces new security risks, regulatory tensions, and uncomfortable questions about who controls access when states decide their people should not have it.

This roundup is our attempt to step back and take stock. 

Across three parts, we look at what actually shaped the African infosec space in 2025. We looked at the deeper pattern: who controls connectivity, how infrastructure is protected or attacked, how laws are used, and how power moves through digital systems. Part 1 starts with access, because everything else, security, rights, crime, governance, sits on top of it.

We made this roundup to document, connect the dots, and ask better questions going into 2026.

Happy New Year?

  • Internet shutdowns

In 2025, internet shutdowns hit Tanzania during the October presidential and parliamentary elections, Cameroon during its election cycle, Libya amid protests, and Sudan for reasons ranging from conflict to examination blackouts. Governments used connectivity to control narratives and suppress dissent.

Internet shutdowns have increasingly become a normalized instrument of state control across the continent rather than an exceptional security response. The #KeepItOn coalition documented 21 shutdowns across 15 African countries in 2024. The 2025 numbers continued climbing, keeping Africa among the world’s most digitally repressed regions. In March 2024, the African Commission on Human and Peoples' Rights adopted Resolution 580, urging states to keep the internet on during elections. Compliance in 2025 was nearly nonexistent. The resolution had no teeth. Governments faced no consequences. Economic losses ran into the billions annually. Democratic participation suffered accordingly.

In Sudan, the civil war between the Sudanese Armed Forces (SAF) and the Rapid Support Forces (RSF) turned telecommunications infrastructure into both a target and a weapon. Throughout 2025, the destruction of physical infrastructure combined with deliberate network disruptions produced prolonged and localised blackouts. A year-long internet shutdown in Wad Madani was lifted only in January 2025, while Khartoum and other conflict zones continued to experience intermittent outages. 

These blackouts directly prevent residents from communicating with family, seeking safe zones, and accessing life-saving necessities, while simultaneously crippling the delivery of aid by Emergency Response Rooms (ERRs) and international humanitarian organisations, which rely on mobile money and online coordination.

While large-scale spyware deployments were less prominent in 2025 than network-wide shutdowns, Sudan’s conflict featured extensive information warfare and digital repression. Both the SAF and RSF engaged in coordinated online propaganda, narrative manipulation, and disinformation campaigns across social media platforms. In October 2025, Sudan’s Cabinet approved draft amendments to the Cybercrime Law, criticised for criminalising online speech, enabling warrantless searches, and imposing severe penalties for vague offences such as undermining the “prestige of the state.” Cyberattacks against online media outlets, including hacking and mass-reporting campaigns, were also used to suppress critical coverage of the conflict.

Since 2024, the justification for shutdowns has evolved from being primarily election-focused to more frequent use for protest control, dissent suppression, exam management, and, increasingly, as a tool of warfare. Although civil society organisations have improved shutdown documentation and legal challenges, enforcement against state actors proves difficult. Looking ahead to 2026, election-related shutdowns are expected to persist in countries preparing for polls, including Côte d’Ivoire, Uganda, and Zambia, further testing the authority of ACHPR Resolution 580. Governments are also likely to expand subtler forms of digital repression, such as network throttling, selective platform blocking, and potential adoption of state-sponsored spyware, complicating detection and accountability efforts.

  • 5G and fiber lines

MTN reported 5,478 fiber cuts in Nigeria between January and August 2025, averaging more than 20 cuts per day. Some of these were caused by road construction and other non-targeted activities, but many were also caused by theft and targeted vandalism.

At the continental level, the March 2024 undersea cable cuts, which crippled services across the continent, made the vulnerability impossible to ignore. Africa's digital infrastructure, for all its expansion, remained fragile at the most basic physical level.

Following these disruptions, the focus shifted from network expansion to active resilience and redundancy, emphasising the security of existing infrastructure. In Nigeria, telcos like MTN partnered with Huawei to deploy AI-assisted monitoring systems to proactively protect terrestrial fiber networks from physical intrusions and sabotage. This shift from reactive repair to proactive, technology-driven defence represents a major evolution in asset protection for Africa’s critical network backbone.

The fragility of undersea and terrestrial fiber networks catalysed legal and cooperative responses. Nigeria’s Presidential Order of June 2024 formally designated telecom infrastructure as Critical National Information Infrastructure (CNII), mandating active protection by law enforcement agencies such as the NSCDC. Internationally, Nigeria hosted the Submarine Cable Resilience Summit in February 2025 to formalise cooperation and risk mitigation strategies for undersea cables. South Africa, as a major cable landing point, remains actively engaged in these regulatory and resilience-building discussions.

The most notable shift since 2024 is the elevation of telecom infrastructure security to a critical national security priority following the March 2024 outages. This urgency prompted regulatory mandates for operators to adopt advanced, proactive solutions. The sheer scale of terrestrial cable disruptions has led telcos to invest in AI monitoring systems, moving away from traditional patrol and repair strategies.

Looking ahead to 2026, Nigeria plans to deploy an additional 90,000 km of terrestrial fiber to enhance redundancy and mitigate single-point failures. Across the continent, emphasis will increasingly be placed on resolving inland “last mile” connectivity challenges, ensuring that emerging 5G networks are underpinned by highly resilient and redundant physical infrastructure.

  • Starlink

Starlink’s African footprint expanded in 2025, from 8 countries to over 25 by December. Seven new markets launched in the first seven months alone, including Liberia, Niger, and Chad. Since its African entry through Nigeria in 2023, Starlink has delivered median download speeds exceeding 40 Mbps, with speeds surpassing 85 Mbps in Botswana and Eswatini, often outperforming incumbent ISPs despite persistent regulatory challenges and high hardware costs.

But expansion brought exposure. In the Sahel, Starlink’s kits flooded smuggling routes, often from Nigeria, using the same trafficking corridors that move weapons and contraband, to reach areas where the service is either unlicensed or where terrestrial networks are unavailable or unreliable. These movements are enabled by the kits’ portability, border officials’ limited familiarity with them, and bribery.

Violent extremist groups, including Jama’at Nasr al-Islam wal Muslimin (JNIM) and Boko Haram, have exploited smuggled terminals for secure communications, battlefield coordination, and propaganda dissemination, strengthening their operational effectiveness.

Established African telecommunications operators have lobbied regulators to impose strict licensing, taxation, and ownership rules in response to Starlink’s competitive threat, contributing to delayed market entry in countries such as South Africa. Meanwhile, the U.S. government, under Trump, has been accused of using diplomatic and trade pressure to encourage African states, including Lesotho and Gambia, to fast-track regulatory approvals for Starlink and other U.S. satellite providers.

Since 2024, Starlink’s African operations have scaled rapidly alongside notable performance gains. The deployment of a Nairobi Point of Presence (PoP) in January 2025 reduced latency across Kenya and Rwanda, improving regional service quality. Several countries that initially restricted or banned Starlink, including Cameroon and Zimbabwe, shifted toward formal licensing negotiations in 2025, while Morocco prepared to approve. In late 2025, South Africa introduced policy changes allowing foreign providers to meet localisation requirements through equity-equivalent programmes, rather than a mandatory 30% local ownership stake.

The competitive environment will intensify in 2026. Amazon’s Kuiper (branded Amazon Leo) is expected to begin African coverage by mid-2026, and China’s Spacesail Qianfan. Starlink’s planned “Direct to Cell” capability, enabling unmodified 4G mobile phones to connect directly to satellites, may expand rural connectivity but is likely to introduce new regulatory, security, and market governance challenges across the continent.

  • Telcos

African telcos faced a paradox in 2025: their own security improved dramatically even as threats around them exploded. Safaricom reported a 90% drop in cybersecurity incidents affecting its enterprise clients after deploying an advanced Managed Security Operations Centre (MSOC). Yet, the wider Kenyan digital ecosystem faced 4.6 billion cyber threats in Q2 2025, highlighting ongoing pressure on the telecom and mobile money sectors, which collectively account for 70% of Africa’s cyber incidents and losses. In Nigeria, physical infrastructure attacks were particularly severe, with over 19,000 fibre cuts recorded between January and August 2025 due to vandalism and theft, causing widespread network outages.

Threats targeting telecoms are increasingly sophisticated, shifting from basic perimeter attacks to identity-based fraud and attacks on core services. Traditional malware, phishing, and online scams remain, but AI adoption has reshaped the threat landscape: criminals now use AI-generated deepfakes and adaptive malware to target mobile users directly. Furthermore, the unbundling of telco financial services, such as Airtel Africa’s planned IPO of Airtel Money in 2026, creates new, independent fintech entities that are high-value targets, requiring specialized security strategies and regulatory oversight.

Discussions in 2025 centred on the responsibility of telcos to safeguard critical national information infrastructure (CNII) and customer data, with regulators advocating for a collective defence model. In Nigeria, a Presidential Order formally designated telecom infrastructure as CNII, mandating agencies like the NSCDC to protect assets from physical attacks and sabotage. Bodies like the NCC have emphasised that telecom security is a national duty, advocating for stakeholder awareness campaigns and strict enforcement against vandalism.

Since the major attacks of 2024, major telcos such as Safaricom and MTN have begun adopting “secure by design” and zero-trust architectures, moving away from reactive cybersecurity models. This proactive approach explains the reduction in direct enterprise cyberattacks, even as overall threats against the sector intensified. Regulatory frameworks have also hardened, particularly in Nigeria, by formally recognising telecom infrastructure as a critical national asset.

  • Digital access amidst instability

In 2025, internet shutdowns and digital repression remained key tools for authoritarian control in African countries experiencing political instability. Sudan experienced a rapid decline in digital rights after the military government enacted a sweeping cybercrime law in early 2025, which criminalized online speech, blocked digital platforms, and empowered security forces to conduct arbitrary digital searches. In West Africa, Mauritania restricted mobile internet for 22 days following disputed June elections, while Togo enforced a 43-day internet shutdown during political unrest, blocking key social media platforms. Similar politically motivated shutdowns occurred in Tanzania during elections, illustrating a growing normalisation of connectivity restrictions that undermine transparency, civic participation, and economic stability.

A critical continental development in 2025 was the ECOWAS Court of Justice ruling in May against Senegal, declaring the country’s prior internet and social media shutdowns unlawful and in violation of citizens’ rights to free expression and work. This landmark decision explicitly linked internet access to socio-economic rights, creating a binding precedent for the ECOWAS region and strengthening the legal position of digital rights defenders. Concurrently, humanitarian organisations, such as the Red Cross, relied on digital tools, biometrics, and mobile money to deliver aid, highlighting both opportunities and risks, particularly data misuse, “function creep,” and security vulnerabilities in conflict zones.

The most significant change since 2024 is the judicial and regional consolidation against arbitrary internet shutdowns. The ECOWAS Court ruling against Senegal transformed shutdowns from widely tolerated practices into legally condemnable violations of regional human rights law. On the policy side, the African Commission on Human and Peoples’ Rights (ACHPR) adopted Resolution 630 in March 2025, mandating the development of African Guidelines to hold digital platforms accountable for information integrity, directly responding to regressions in Big Tech moderation policies.

Looking ahead, 2026 is expected to see continued legal enforcement against states imposing arbitrary shutdowns, leveraging the ECOWAS Court precedents. Additionally, the deployment of satellite-based internet connectivity may provide alternative access for marginalized or conflict-affected communities, while also raising new questions about government pressure, surveillance, and censorship obligations for non-terrestrial service providers.

In Part 2, out next Tuesday, we will examine technical vulnerabilities and how they were exploited.
