AGCG Genuine Consulting Group

Cybersecurity • IT Governance

Innovation in the service of Africa’s digital defence


Keynote on 26 November 2025 at the Brazza Cybersecurity Forum
By Arnaud GODET, Managing Partner – AGCG Genuine Consulting Group

AGCG keynote at the Brazza Cybersecurity Forum: how to put organisational, technological and AI-driven innovation at the service of an effective, realistic and sovereign digital defence for African organisations.


Theme: Cyber innovation, AI, SOC & digital sovereignty in Africa
Event: Brazza Cybersecurity Forum
Firm: AGCG Genuine Consulting Group

Target audience: C-suites, African leaders, CIOs, CISOs, regulators, critical-infrastructure operators

Key figures

9.5 trillion $: estimated annual cost of cybercrime worldwide in 2025

If global cybercrime were a country, it would be the third-largest economy in the world after the United States and China. For African organisations, this means the risk is no longer marginal: it is systemic.

The average cost of a data breach exceeds 4 million US dollars per incident. In economies where budgetary room for manoeuvre is more limited, a single major incident can put a ministry, a bank, an energy operator or an SME under long-lasting pressure.

African digital defence: from awareness to concrete action

In 2025, the annual cost of cybercrime worldwide is estimated at nearly 9.5 trillion US dollars. Behind these staggering amounts lie very concrete stakes for States, regulators, infrastructure operators, banks, insurers, industrial players and African SMEs.

For a ministry, it is about continuity of government and citizens’ trust. For an energy or telecom operator, the availability of vital services. For a bank or insurance company, the stability of the financial system. For an industrial company, sometimes the survival of the business itself.

And yet, one question comes up again and again, very directly: "Okay, we understand that cybersecurity is important. But here in Africa, in Congo, with our realities… what can we actually do in practice?"

This keynote offers a pragmatic response to that question: to look reality in the eye, clarify what really matters and use innovation – organisational, technological and AI-driven – as a lever for digital defence and sovereignty, rather than just another buzzword.

1. Facing African reality – with data

1.1. A continent now at the heart of attack campaigns

Africa is no longer on the sidelines of cyberthreats: several studies show that African organisations are now subject to a significant share of major ransomware campaigns, even though the continent represents a smaller portion of the global digital economy.

In some regions, more than 30% of reported crimes are already linked to cybercrime: online scams, ransomware, digital extortion, business email compromise, mobile-banking fraud.


1.2. Critical sectors directly targeted

On the ground, attacks primarily target:

  • online public services (taxation, health, education, e-government);
  • essential services (electricity, water, telecoms, transport);
  • digital financial services (online banking, mobile money, payments).

In some countries, losses linked to digital fraud and mobile banking already amount to hundreds of millions of US dollars per year, with the number of incidents rising sharply.


1.3. A single major incident can destabilise an organisation

Globally, the average cost of a data breach is estimated at more than 4 million US dollars per incident. In an African context where budgets are constrained, a single serious incident can put a ministry, regulator, bank or SME under lasting strain.

The question is therefore no longer "Will we be attacked?", but rather "When it happens, will we be ready?" – and will we have made the right decisions in time, or too late?

2. Innovation is not, first and foremost, about buying more tools

2.1. Innovating in how risks are prioritised

When we talk about innovation in cybersecurity, we spontaneously think of AI, XDR and EDR solutions, automated SOCs… and often of highly advanced, sometimes very expensive technologies. Yet no organisation can respond to the rise in threats by simply stacking tools on top of each other.

Innovation starts with the ability, at the level of a ministry, an operator or a company, to say:

  • "These are our 10 major risks."
  • "These are our 5 vital processes."
  • "If we could only fund 3 cyber initiatives over the next two years, they would be these ones."

That means putting numbers on the potential cost of a prolonged outage, the political or social impact of a data leak, and the financial exposure linked to interruptions in payments, supply chains or production.


2.2. Innovating in organisation: towards true “cyber factories”

Faced with the volume of vulnerabilities, audits and projects to secure, it is no longer possible to handle issues one by one. Organisational innovation means setting up real "cyber factories":

  • industrialised chains to process vulnerabilities;
  • standardised pathways to secure IT and business projects;
  • mechanisms to track, measure and steer remediation plans.

The key is to be able to answer the questions: "What is our real remediation rate? How quickly are we reducing risk?"


2.3. Innovating in how detection is exploited: the living SOC

In a world where a large share of attacks involve ransomware and directly target essential services, the SOC can no longer be a technical "black box": screens, logs, misunderstood alerts and a monthly fee.

A living SOC is a capability that:

  • starts from business scenarios that really hurt the organisation;
  • enriches itself with every incident and every change in the information system;
  • speaks the language of senior leadership: impact on services delivered, on the population, on revenue and on compliance.

3. AI: a turning point in the threat landscape

3.1. Towards attack campaigns largely orchestrated by AI

In 2025, a major AI company reported having detected and stopped one of the first cyber-espionage campaigns largely orchestrated by an AI system, led by a state-sponsored group. An AI, designed to assist developers, was hijacked to scan the Internet, look for vulnerabilities, generate exploit code, steal credentials and automate lateral movement within networks.

Several dozen targets were hit across finance, industry, technology and government. This was neither an exercise nor science fiction: it was a real campaign, stopped in time, and it marks a clear inflection point.


3.2. What this changes for Africa

For African States and organisations, this shift implies at least three things:

  • The scale and speed of attacks increase: an AI can launch, test and adjust hundreds of technical actions much faster than a human team.
  • The barrier to entry for attackers drops: less-sophisticated actors will be able to rent or hijack AI tools to amplify their attack capabilities.
  • Structural sectors are on the front line: critical infrastructure, finance, public administration, telecoms.

Threat-intelligence reports on Africa already highlight growing use of AI by cybercriminals: more convincing phishing, automated malware distribution, wide-scale fraud campaigns. In other words: AI will not only be a defensive tool, it is already a tool of attack.

The question therefore becomes: how will African States, operators and companies themselves use innovation and AI to protect their systems, their citizens and their economies?

4. Three concrete decisions to take now

4.1. Decision no. 1: clarify your critical assets and processes

The first decision, common to all sectors, is to clearly identify your 5 to 10 processes without which your organisation cannot function, the systems and data that support them, and the critical dependencies (suppliers, operators, cloud providers, foreign partners).

This targeted mapping, quantified in terms of impact, becomes the foundation of your cyber strategy, your budget decisions and your detection and response priorities.


4.2. Decision no. 2: expose your leaders to a real crisis… through simulation

An AI-driven attack, a ransomware outbreak on your systems, a massive data breach: these are not only technical scenarios, they are governance crises. Running a crisis exercise tailored to your local reality helps to:

  • turn an abstract risk into a concrete experience;
  • clarify roles: who decides, who speaks, who coordinates;
  • reveal gaps between written procedures and operational reality.

After a well-designed exercise, it becomes much easier to justify investments, prioritise certain initiatives and understand why a living SOC is not a luxury but a necessity.


4.3. Decision no. 3: require your SOC (current or future) to become “living”

If you already have a SOC – internal, external or shared – three simple questions arise:

  • does it really see what threatens your essential missions?
  • does it learn from each incident so it can improve?
  • will it be able, tomorrow, to detect attack campaigns accelerated by AI?

If the answer is "not really", it is not necessarily about throwing everything away to buy something else, but about:

  • defining a use-case backlog aligned with your business risks;
  • setting up a continuous-improvement loop where every incident strengthens detections;
  • connecting the SOC to the cyber factories (vulnerabilities, projects, audits) and to governance.

This is exactly what AGCG refers to as a living SOC.

Conclusion: building African models of digital defence

It is often said that Africa is lagging behind in cybersecurity. The data mainly show that the continent is increasingly targeted, that losses are rising sharply and that threats are growing more sophisticated, with attacks that are now partially autonomous and driven by AI.

Yet this situation creates a unique opportunity: not to copy-paste heavy, ill-suited models, but to design, from today, more streamlined, more agile and more realistic arrangements, anchored in the realities of African infrastructures, budgets and talent pools.

Innovation in the service of Africa’s digital defence is not about chasing every new technology buzz. It is about clarifying what truly matters, organising defences to handle risk volumes at our scale, and keeping SOCs, processes and partnerships alive – rooted in Brazzaville, Pointe-Noire and across the continent.

For its part, AGCG stands alongside African institutions, operators and companies to put numbers on risks, build realistic two- to three-year trajectories, and deploy living SOCs and operational capabilities that deliver visible results in a matter of months, not five years.

References & sources

  1. Cybersecurity Ventures, “2025 Official Cybercrime Report” – estimated annual cost of global cybercrime.
  2. IBM Security, “Cost of a Data Breach Report 2024/2025” – average cost of a data breach.
  3. INTERPOL, “Africa Cyberthreat Assessment 2024/2025” – growing share of cybercrime in reported crimes in parts of Africa.
  4. SABRIC and related reports on digital fraud and mobile-banking crime in Southern Africa.
  5. Kaspersky, INTERPOL and other 2023–2025 reports on the increasing use of AI by cybercriminals.
  6. Anthropic, “Disrupting the first reported AI-orchestrated cyber espionage campaign”, November 2025 – description of a cyber-espionage campaign largely automated by AI.