A stark new report has exposed a critical vulnerability in Africa's corporate defences, revealing that a majority of businesses on the continent are under siege from sophisticated artificial intelligence (AI)-driven cyberattacks while being woefully unprepared to counter them.
AI-Powered Threats Outpace Defences
The report, titled 'AI Is Raising the Stakes in Cybersecurity' from the Boston Consulting Group (BCG), is based on a global survey of 500 senior leaders, including 50 from Africa. It found that almost 60 per cent of African companies believe they experienced an AI-powered cyberattack in the last year. Despite this alarming figure, only half of these organisations prioritise using AI to bolster their own cyber defences.
Hamid Maher, Managing Director and Senior Partner at BCG Casablanca and Head of BCG’s Tech Hub in Africa, highlighted the severity of the situation. "AI is enabling a new era of cyber threats that are faster, more deceptive, and infinitely more scalable – and African businesses are already feeling the impact," he said. Maher pointed out the dangerous gap where more than half have faced AI-enabled attacks, yet only 29 per cent have advanced AI cyber defence capabilities.
The Alarming Talent and Investment Gap
The report details how AI supercharges criminal tactics, from ransomware and phishing to convincing deepfake video calls and voice cloning. One case study involved a $25 million fraud at a multinational engineering firm executed through a deepfake video call impersonating the Chief Financial Officer. Another example was an AI-generated robocall campaign that spoofed voter communications, resulting in a $1 million regulatory fine.
Despite the clear and present danger, the organisational response has been dangerously slow. BCG observed that a mere three per cent of African companies have significantly increased their cybersecurity budgets in response to the AI threat. Compounding this underinvestment is a severe talent crisis: 82 per cent of African companies report difficulty hiring AI-cybersecurity talent, compared to 69 per cent globally.
Hakim Hamane, Managing Director at BCG Platinion Casablanca, warned, "While attackers are evolving with AI, most organisations across Africa are still relying on outdated tools and underfunded strategies. When 82 per cent of companies struggle to hire AI security talent, it’s clear that the continent’s cybersecurity posture must shift from reactive to truly future ready."
An Urgent Call for Leadership and Action
The report identifies the most critical AI-powered threats expected over the next two years as AI-enabled financial fraud (43%), AI-powered social engineering (39%), AI-accelerated vulnerability discovery (28%), and adaptive AI-powered malware (26%). High-risk exposure spans all industries, with healthcare and government sectors among the most vulnerable.
BCG issues an urgent call for a dual leadership model to close the defence gap. It recommends that CEOs must prioritise cybersecurity and AI at the board level, securing a Board-backed mandate and funding. Simultaneously, Chief Information Security Officers (CISOs) need to accelerate the deployment of high-impact, AI-enabled defence tools and secure the AI systems their organisations are building.
Vanessa Lyon, Global Director of BCG’s Centre for Leadership in Cyber Strategy and co-author of the report, declared the era of passive defence over. "Attackers are moving at machine speed. The only winning strategy is to meet autonomy with autonomy, through intelligence, leadership, and commitment," she stated. "This is the moment when organisations decide whether they will shape the AI-cyber landscape or be shaped by it."
