Cybercrime fears among African digital users have nearly doubled in a year, yet knowledge gaps and overconfidence continue to leave individuals vulnerable, according to the 2025 African Cybersecurity & Awareness Report by KnowBe4.
The report, based on a survey of 800 professionals across seven countries, highlights a paradox: while 58% of respondents say they are “very concerned” about cybercrime, up from 29% in 2023, more than half (53%) still don’t know what ransomware is. Meanwhile, 35% reported losing money to scams and 32% said they had clicked on phishing emails.
Despite the rise in concern, many Africans still exhibit behaviors that increase cyber risk. Use of mobile financial services grew from 63% in 2023 to 85% this year, and mobile applications are now a primary target for cybercriminals. Kenya, in particular, saw a 333% rise in mobile app threats year-over-year, largely aimed at harvesting login credentials and financial data.
The report also found that smartphones dominate Africa’s digital economy, with 97% of users relying on them for work and finance, yet mobile-centric security education remains insufficient. The blend of personal and professional use, especially on platforms like WhatsApp, used by 93% for work, has blurred boundaries and increased exposure.
“Digital confidence is dangerously outpacing digital literacy,” the report warns, noting that while many respondents believe they could recognize a security breach, their actual understanding of threats such as phishing or fake news is limited. A third of respondents admitted to falling for disinformation campaigns, and understanding of secure practices like multi-factor authentication remains mixed.
READ ALSO
The findings come at a time when AI-enhanced scams, deepfakes, and fraud-as-a-service platforms are making cyberattacks more sophisticated. Criminals are not only exploiting digital platforms but are also merging physical and cyber threats, for example, kidnapping victims to access unlocked mobile banking apps in countries like South Africa.
KnowBe4 recommends African governments and businesses double down on mobile-first, scenario-based cybersecurity training, and adopt a “human risk management” model that fosters practical habits, vigilance, and digital mindfulness.
“Africa’s mobile-first digital economy can only thrive if user confidence is grounded in real skills,” the report noted.
