Cyber threats are escalating rapidly across Africa, with Morocco emerging as one of the continent’s most targeted nations, according to Microsoft’s 2025 Digital Defense Report. Drawing insights from over 100 trillion daily security signals, the report paints a sobering picture: artificial intelligence is supercharging cyberattacks, turning regions like North Africa into testing grounds for increasingly sophisticated criminal operations.
In 2024 alone, Morocco was hit by more than 12.6 million attempted cyberattacks, placing it among the top targets in North Africa. Critical sectors such as finance, telecommunications, and manufacturing are bearing the brunt of these attacks. Between July 2024 and June 2025, 26 significant cyber incidents were reported in Morocco, underscoring the country’s vulnerability within the regional digital landscape.
The rise of AI has dramatically expanded the cyberattack surface. Phishing campaigns, once relatively easy to detect, have become far more convincing and effective. With AI-generated messages crafted in local languages and impersonating trusted figures, attackers are now achieving a click-through rate of 54%, more than four times the success rate of traditional methods. These tactics are not only harder to spot but are also capable of bypassing standard security defenses.
One of the most profitable and dangerous threats remains business email compromise (BEC). Though it accounts for just 2% of all observed threats, it is responsible for 21% of successful breaches—surpassing even ransomware in terms of impact. The appeal of BEC lies in its precision: attackers infiltrate internal communications and manipulate trusted channels to defraud organizations.
The report also highlights a shift toward more intricate and layered attack strategies. Techniques include bypassing multi-factor authentication, exploiting collaborative tools like Microsoft Teams, and even using deepfakes or synthetic identities to gain access. These multi-phase operations reflect a new era of cybercrime where deception is increasingly powered by technology.
Financial damage across the African continent has surged in parallel. Losses from cybercrime nearly tripled over the past year, climbing from $192 million to $484 million. Meanwhile, the number of known victims has jumped from 35,000 to 87,000—an alarming rise that’s pushing cybersecurity to the top of the corporate agenda.
In response, Microsoft is urging companies to rethink their defense strategies. What once might have been dismissed as isolated incidents—such as stolen login credentials—should now be treated as early warnings of deeper system breaches. The tech giant emphasizes the importance of building organizational resilience, training staff to recognize emerging threats, and investing in AI-driven protection tools.
Salima Amira, General Manager of Microsoft Morocco, delivered a stark warning: the most damaging cyberattacks now occur under the radar. “We need to move away from passive defense. The only way forward is to build active, resilient systems that are part of a comprehensive security strategy,” she said.
As digital infrastructure expands and technologies like cloud computing and AI become more entrenched in African economies, the cost of inaction is becoming too great to ignore. The message is clear: modern threats require modern defenses—and time is running out.
