60% of African Firms Report AI-Powered Cyberattacks; Only 29% Have Defenses in Place

82% of firms can’t afford AI-cybersecurity talent

A recent report from Boston Consulting Group (BCG) highlights the transformative impact of artificial intelligence (AI) on the cybersecurity landscape, revealing significant gaps in corporate defenses. As organizations become increasingly aware of the risks posed by AI, the adoption of cyber defense measures is not keeping pace with the rapidly evolving threats. The report, titled “AI Is Raising the Stakes in Cybersecurity,” is based on a global survey of 500 senior leaders, including 50 from Africa, across various industries and regions.

Nearly 60 percent of African companies surveyed reported experiencing an AI-powered cyberattack in the past year. Despite this alarming statistic, only half of these organizations prioritize the use of AI to bolster their cyber defenses. The report indicates that just 7 percent of global organizations have implemented AI-enabled defense tools, although 88 percent plan to adopt such technologies in the near future.

Hamid Maher, Managing Director and Senior Partner at BCG Casablanca, emphasized the urgency of the situation, stating, “AI is enabling a new era of cyber threats that are faster, more deceptive, and infinitely more scalable – and African businesses are already feeling the impact.” The report notes that over half of African companies have faced AI-enabled attacks in the last year, yet only 29 percent possess advanced AI cyber defense capabilities. This discrepancy between the speed of attackers and the preparedness of defenders is creating an unsustainable level of exposure for businesses on the continent.

The report outlines how AI enhances attackers’ capabilities through various tactics, including ransomware, phishing, voice cloning, and deepfake video fraud. Among the notable case studies cited is a $25 million fraud incident at a multinational engineering firm, which was instigated by a deepfake video call that impersonated the CFO. There was also an AI-generated robocall campaign that spoofed voter communications, leading to a $1 million regulatory fine, alongside a ransomware attack that encrypted a healthcare provider’s systems, delaying surgeries.

Despite the growing threats, the organizational response has been tepid. BCG found that only 5 percent of global organizations and 3 percent of African firms have significantly increased their cybersecurity budgets in response to the rise of AI. Furthermore, 69 percent of global and 82 percent of African companies report difficulties in hiring AI-cybersecurity talent. Alarmingly, only 25 percent and 29 percent of existing AI-enabled defense tools are deemed advanced by global and African organizations, respectively, raising concerns as AI technology continues to accelerate the evolution of cyber threats.

Hakim Hamane, Managing Director at BCG Platinion Casablanca, remarked, “While attackers are evolving with AI, most organizations across Africa are still relying on outdated tools and underfunded strategies. When 82 percent of companies struggle to hire AI security talent, it’s clear that the continent’s cybersecurity posture must shift from reactive to truly future ready.”

Executives foresee a continuous evolution of AI-powered cyberattacks, necessitating constant recalibration of defense strategies. The report identifies the most critical AI-related cyber threats organizations anticipate over the next two years as follows: AI-enabled financial fraud (43 percent); AI-powered social engineering (39 percent); attackers utilizing AI to accelerate vulnerability discovery (28 percent); and AI-driven malware that learns and adapts to circumvent defenses (26 percent). High-risk exposure is evident across all sectors, with healthcare and government identified as particularly vulnerable.

BCG asserts that a collaborative approach between CEOs and Chief Information Security Officers (CISOs) is essential for closing the defense gap. The report advocates for a dual leadership model where CEOs prioritize cybersecurity and AI at the board level, while CISOs expedite the deployment of impactful, AI-enabled use cases. Recommendations include establishing a board-backed AI-cyber mandate, allocating sufficient resources, deploying AI where it can most effectively change risk dynamics, securing AI systems under development, and fostering cyber agility through multi-vendor architectures.

Vanessa Lyon, Global Director of BCG’s Centre for Leadership in Cyber Strategy and co-author of the report, concluded, “The era of passive cyber defense is over. Attackers are moving at machine speed. The only winning strategy is to meet autonomy with autonomy, through intelligence, leadership, and commitment. This is the moment when organizations decide whether they will shape the AI-cyber landscape or be shaped by it.”

AI-Driven Cyber Attacks Surge in UK, Causing £1.9B Impact and Major Service Disruptions

SPAI Upgrades SPOTD AI Algorithm for Enhanced Threat Detection in GPS-Denied Environments

Brivo and Eagle Eye Merge to Form World’s Largest AI Cloud Security Firm

Malaysia Faces 78% Surge in AI-Powered Cyberattacks: Urgent Call for Cyber Resilience

AI Security Shifts: Akshay Garkel on Protecting Data Amid Growing Threats