KnowBe4, a security awareness and compliance training platform, conducted its annual survey to assess how well African smartphone and internet users are prepared for cybersecurity threats.
With the rise of artificial intelligence (AI) and its role in spreading disinformation, cyber threats are becoming increasingly sophisticated, though they still largely exploit human vulnerabilities. The survey gathered insights from 800 employed adults across multiple industries in seven African nations which include; Morocco, South Africa, Nigeria, Ghana, Egypt, Kenya, and Botswana, to evaluate their cybersecurity awareness.
The survey revealed that more than half of respondents reported receiving cybersecurity training from their employers, with 33% strongly agreeing that the training was adequate.
Register for Tekedia Mini-MBA edition 17 (June 9 – Sept 6, 2025) today for early bird discounts. Do annual for access to Blucera.com.
Tekedia AI in Business Masterclass opens registrations.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register to become a better CEO or Director with Tekedia CEO & Director Program.
On the aspect of personal security awareness, most respondents are hesitant to give away personal information, with 15% saying they tend not to share personal details, such as their identity number. 47% revealed that they would share this information only if there was a real need to do so and 24% stated to part with personal information if they can’t avoid it.
Worryingly, the survey revealed that 14% are comfortable sharing personal information, with 8% saying they are likely to do so if they can get something in return, such as a discount, and 6% saying they share personal information all the time.
Among respondents very likely to give away their personal information are those living in Egypt (11%), Nigeria (10%) and Kenya (7%). South African respondents were more cautious, with only 4% very willing to give away their personal data, compared to the average of 5.5%.
Cybercrime Experiences
To gauge their cybercrime experiences, more than half of respondents (51%) said they had previously had a virus infection on their computer. 35% had lost money due to a scam or con artist, 32% had clicked on a phishing email, 23% had been scammed on a phone call and 37% had fallen for fake news or a disinformation campaign.
Comparing the 2023 survey to the 2025 results, phishing victims rose from 26% to 32%. Virus infection experiences remained stable at around 51%, while financial losses due to scams increased slightly from 32% to 35%. While 83% expressed confidence in recognizing security threats, 53% did not know what ransomware was.
This disconnect reflects the Dunning-Kruger effect, where individuals overestimate their competence in areas where they lack knowledge. Overconfidence in cybersecurity can be dangerous, as it creates a false sense of security, leaving individuals and businesses vulnerable to attacks.
These figures paint a complex picture of the cybercrime landscape in Africa.
The sophistication of phishing attacks:
The increase in phishing victims despite increased awareness among respondents suggests that phishing attacks are becoming More sophisticated and harder to detect. It also shows a gap between awareness and practical application of cybersecurity knowledge.
Persistent threat landscape:
The stability in virus infections and a slight increase in financial losses suggest that the overall threat level remains high. Cybercriminals are adapting their tactics to overcome improved awareness and technical defenses.
Need for practical training:
These results highlight the need for more hands-on, practical cybersecurity training in Africa that goes beyond theoretical knowledge to develop real-world skills in identifying and avoiding threats.
Conclusion
The 2025 survey presents a complex picture of cybersecurity awareness, in Africa. While corporate investment in training has increased, and employees feel more confident, gaps remain in practical knowledge and risk mitigation.
The widespread use of mobile banking and digital transactions underscores the need for mobile-centric security education. Addressing these gaps with more comprehensive human risk management programs is essential to improving Africa’s overall cybersecurity resilience.