Index  ›  world  ›  City PM
world · City PM ↗

In West Africa, Digital Transformation is Fueling Cybercriminals’ Appetite

City PM Reviewed Jul 3, 2026 ✓ Reviewed by citations.press editors
Citation-ready fact
Three Senegalese public institutions were hit by major cyberattacks in less than six months.
3 · Senegalese public institutions
View source ↗
Citation-ready fact
Senegal launched a 'Technological New Deal' in 2026.
2026 · Technological New Deal
View source ↗
Citation-ready fact
The law on personal data protection in Senegal dates back to 2008.
2008 · law on personal data protection
View source ↗
Citation-ready fact
Senegal aims to become a technological hub in West Africa alongside Côte d’Ivoire and Benin.
3 · countries aiming to be technological hubs in West Africa
View source ↗
Citation-ready fact
Phishing attempts in Sub-Saharan Africa number in the tens of millions.
at least 10000000 · phishing attempts
View source ↗
Citation-ready fact
The three countries most affected by phishing attacks are Kenya, South Africa, and Morocco.
3 · countries most affected by phishing attacks
View source ↗
Citation-ready fact
Senegal is facing a debt crisis that weighs heavily on public finances.
1 · country facing a debt crisis
View source ↗

After the tax authority in October, then the agency responsible for issuing national identity cards earlier this year, now it was the Public Treasury’s turn to be targeted. In less than six months, three Senegalese public institutions have been hit by major cyberattacks.

“Africa is becoming the new playground for cybercriminals,” observes Clément Domingo, a cybersecurity expert and whistleblower known on X under the nickname SaxX. The reason is simple: the continent is digitizing rapidly but is often poorly secured. “The more a country digitizes, the more it increases its attack surface,” Domingo adds.

Senegal illustrates this paradox. Committed to the rapid modernization of its public services, the country launched a “Technological New Deal” in 2026 built around four pillars: digital leadership, development of the digital economy, digitization of public services, and digital sovereignty. In practical terms, Senegalese daily life is gradually moving online.

With offerings such as Sénégal Services, it is now possible to obtain a birth certificate or renew identity documents online. In a country where banking penetration remains low, the growth of mobile payments has also enabled a large share of the population to access financial services. Electricity bills, tolls, and telephone services can now be paid through applications such as Wave or Orange Money.

This digitization, though still incomplete, represents undeniable progress. It simplifies administrative procedures, reduces costs, and promotes economic inclusion, particularly in rural areas. It also opens the door to new uses, notably through artificial intelligence, which could eventually make public services available in local languages. But it also exposes still-nascent infrastructures, where cybersecurity is not systematically built in.

In Senegal, several structural weaknesses remain, Clément Domingo notes: heterogeneous and sometimes obsolete IT systems, a shortage of local expertise in key positions, and an inadequate legal framework. The law on personal data protection dates back to 2008, and no comprehensive cybersecurity legislation yet fully structures the national response.

In this context, attacks are multiplying in an environment where awareness remains low. Across the continent, experts point to a massive lack of awareness of digital risk. Businesses and government agencies have become prime targets. Sub-Saharan Africa is the most exposed region, according to Kaspersky, the cybersecurity company known for its antivirus solutions, and phishing attempts number in the tens of millions. The three countries most affected by such attacks are Kenya, South Africa, and Morocco.

Senegal is no exception to this trend. The attacks may be carried out by lone hackers, organized criminal networks, or groups linked to states. “It is extremely difficult to formally attribute an attack,” recalls Franck Kié, founder of the Cyber Africa Forum. The motives are varied. They may be financial, political, or strategic. “Targeting public institutions allows attackers to make a name for themselves, but also to destabilize a country,” the expert notes.

For Anas Chanaa, founder of Nucleon Security, a company that designs and deploys automated cybersecurity solutions in Africa, such attacks can be part of geopolitical dynamics. In this context, African actors are increasingly seeking to diversify their technology partners. “There is a desire to no longer depend solely on certain powers,” he observes, with greater attention being paid to the origin of technologies and control over data.

But beyond these strategic issues, the consequences can be immediate. Stolen data can be resold, used in phishing campaigns—fraudulent messages impersonating institutions or companies to extract confidential information—or employed in financial fraud. In some cases, they can even feed networks involved in forging official documents.

These attacks are also reviving the debate over digital sovereignty. Where is citizens’ data stored? Who controls the infrastructure? Which technology partners are involved? “Sovereignty is not autarky, but the ability to choose one’s partners and control one’s data,” insists Franck Kié. Yet in many African countries, critical infrastructure still relies heavily on foreign technologies.

Senegal aims to become a technological hub in West Africa, alongside Côte d’Ivoire and Benin. But it remains vulnerable, as recent attacks have demonstrated. Faced with these growing risks, the authorities have begun to respond by strengthening certain institutions and expressing their intention to build a national strategy. But the task remains immense.

For Gérald Da Costa, a cybersecurity professional and author of a white paper on digital sovereignty in Senegal, the challenges are primarily structural. “There needs to be a strong, independent authority capable of steering the national strategy and overseeing its implementation,” he argues. He also calls for closing the skills gap through large-scale training efforts and the creation of a structured sector.

Finally, digital sovereignty cannot be achieved without sustained local investment. “As long as we depend on external funding and solutions, we will not be fully in control of our cybersecurity,” he warns. It is a major challenge in a country already facing a debt crisis that weighs heavily on public finances.

This article was originally published by City PM ↗. citations.press indexes the source-backed facts above and links to the original. Something wrong? Corrections policy · Report an error