Follow Us on Google
By Chinenye Anuforo
Cybercrime across Africa has reached alarming new heights, with total financial losses surging from $192 million to $484 million in just one year, according to Microsoft’s newly released Digital Defence Report 2025. The report revealed how artificial intelligence (AI) is transforming the global cyberthreat landscape, enabling more sophisticated, profitable, and faster attacks, with Africa emerging as both a prime target and a testing ground.
Drawing insights from over 100 trillion daily security signals, Microsoft’s report highlighted a significant shift in how cybercriminals operate. Advanced technologies such as AI-crafted phishing, synthetic identities, autonomous malware, and prompt injection attacks have made cybercrime not only more efficient but also harder to detect.
“Africa is not just a target, it has become a proving ground for the latest cyber threats,” said Kerissa Varma, Microsoft’s Chief Security Advisor for Africa. “Attackers are now using AI to craft phishing messages in local languages, impersonate trusted individuals, and exploit the very platforms we depend on daily.”
The report showed that in 80 per cent of cyber incidents investigated by Microsoft’s security teams, attackers aimed to steal data, driven largely by financial motives rather than espionage. Despite progress in law enforcement with arrests increasing across 19 African countries, both the number of victims and the scale of financial loss have grown dramatically, rising from 35,000 victims in 2024 to 87,000 in 2025.
Microsoft identified government institutions, information technology, and academia as the most targeted sectors due to their handling of sensitive data. Other heavily attacked industries include NGOs, manufacturing, transportation, financial services, and healthcare.
Artificial intelligence has emerged as a game-changing force in cybercrime. AI-crafted phishing campaigns now record a 54 per cent click-through rate, making them 4.5 times more effective than traditional phishing attempts, and can increase the profitability of attacks by up to 50 times. Criminals are also deploying autonomous AI agents that probe systems and execute attacks without human input. Meanwhile, the use of synthetic identities and deepfakes has redefined social engineering, making it easier to deceive targets and bypass identity verification.
Microsoft reported a 195 per cent global increase in AI-generated identities being used to exploit free trials, create disposable accounts, or launch attacks anonymously. The report also highlights the emergence of AI twinning, where digital replicas of individuals or systems are used to manipulate trust, and prompt injection attacks, which corrupt AI models and damage reputations.
Among financially motivated cyberattacks, Business Email Compromise (BEC) remains the most damaging. Although BEC represented just two per cent of total threats, it accounted for 21 per cent of successful cyberattacks, surpassing ransomware at 16 per cent. These attacks often begin with phishing or password spraying, then progress to inbox rule manipulation, multi-factor authentication tampering, and email thread hijacking, all designed to impersonate executives and divert funds.
South Africa is singled out as a global hub for BEC infrastructure and money laundering operations. Microsoft cites Storm-2126, a Nigerian-origin group operating out of South Africa since 2017, which has been linked to attacks targeting real estate, legal, and construction firms in the United States.
According to Amy Hogan-Burney, Microsoft’s Corporate Vice President for Customer Security and Trust, over 52 per cent of cyberattacks worldwide are motivated by financial gain, largely driven by extortion and ransomware, while espionage accounts for just four per cent. Microsoft’s security systems now block 4.5 million new malware attempts daily, analyse 38 million identity risk detections, and screen 5 billion emails for phishing and malicious content every day.
However, the report warned that the democratisation of cybercrime through automation and off-the-shelf hacking tools means that even low-skilled criminals can now launch sophisticated, high-impact operations.
The message from Microsoft is clear: cybersecurity can no longer be treated as a technical issue; it must be a strategic business priority. “Defenders must fundamentally rethink their approaches to cyber resilience,” Varma noted. “Trust alone is no longer enough even familiar platforms and tools can be turned against us.”
Organisations are urged to deploy AI-powered security systems, enforce phishing-resistant multifactor authentication (capable of blocking 99 per cent of identity attacks), and build cyber resilience frameworks that integrate prevention, detection, and rapid response. Microsoft also emphasises the need for greater cross-industry collaboration and capacity building across African nations.
To strengthen defences, Microsoft is expanding its Secure Future Initiative (SFI), the largest cybersecurity engineering project in the company’s history, across Africa. The initiative is designed to transform how Microsoft designs, builds, tests, and operates its products while helping organisations build resilience against AI-driven threats.
The Microsoft Digital Defence Report 2025 concluded with a warning: Africa stands at a crossroads. As the line between innovation and exploitation blurs, the continent’s digital progress depends on how swiftly governments, businesses, and individuals adapt to an AI-fuelled threat landscape.
“By investing in comprehensive cybersecurity strategies and leveraging AI-powered defences, Africa can position itself as a crucial frontline against emerging threats and build a safer, more resilient digital ecosystem,” Varma said.
