Artificial intelligence is reshaping cybersecurity in profound ways, by amplifying both threats and defences. The Boston Consulting Group’s (BCG) latest report, “AI Is Raising the Stakes in Cybersecurity,” based on a survey of 500 senior leaders across industries and regions, paints a stark picture.
While awareness of AI-enabled risks is relatively high, actionable preparedness in organisations lags dangerously behind. Globally speaking, 53% of executives rank AI-driven cyber threats among their top three risks, yet only 7% have implemented AI-powered defensive tools. A key development is that offence is outpacing defence, with 60% of organisations likely having faced an AI-involved attack in the past year.
This asymmetry stems from three core challenges:
- Stopping AI-powered attacks (e.g., deepfakes, adaptive malware)
- Leveraging AI for stronger defences,
- And securing AI systems themselves.
Real-world cases highlight the stakes—a deepfake scam defrauded a firm of $25 million, while AI-encrypted ransomware paralysed healthcare operations.
Global Landscape: Awareness vs. Action
The report reveals widespread vulnerability. Key barriers include budget constraints (cited by 56%), talent shortages (54%), and immature technology (only 25% rate their AI defense tools as advanced). Regulatory uncertainty adds friction: 72% of regulators have drafted AI-cyber policies, but 70% of organizations are unaware of them.
Regional and industry variations show consistent gaps. The scatter plot below (recreated from BCG data) illustrates prioritization of AI defenses versus exposure to suspected AI-enabled attacks:
| Region/Industry | % Prioritizing AI Defenses | % Experiencing Suspected AI Attacks (Past Year) |
|---|---|---|
| North America | ~40% | Moderate |
| Europe | ~50% | Moderate-High |
| Asia Pacific | ~45% | High |
| Middle East | ~70% | High |
| Latin America | ~55% | Moderate |
| Africa | ~50% | High |
| Tech (Industry) | High | Highest |
| Banking | Moderate-High | High |
| Health Care | Moderate | High |
All regions face similar offense-defense imbalances, but talent challenges vary sharply:
| Region | % Facing AI/Cyber Talent Challenges |
|---|---|
| Africa | 82% |
| Banking (Industry) | 83% |
| North America | 69% |
| Europe | 68% |
| Global Average | 69% |
Budget increases for AI-related cybersecurity remain minimal globally (5% significant), with Africa at just 3%.
Africa’s Heightened Vulnerabilities
Africa stands out in the BCG findings as having the highest AI talent shortage (82%) and lowest budget growth, yet respondents rate their AI defence tools as “advanced” more optimistically (29% vs. global 25%). This perception may mask deeper issues amid rapid digitalization.
External reports confirm escalating risks. INTERPOL’s 2025 Africa Cyberthreat Assessment notes a sharp rise in cybercrime, with online scams, ransomware, and business email compromise (BEC) dominating. Financial losses from 2019-2025 exceed $3 billion, driven by digital expansion outpacing security capabilities. Kaspersky’s 2025 report highlights Africa as the most attacked region, with 41% of users facing threats—far above global averages.
Ransomware saw a significant surge in 2025, targeting critical infrastructure and finance. A major INTERPOL operation in December 2025 led to 574 arrests across Africa, recovering $3 million and disrupting ransomware networks. Nation-state attacks also rose, with Microsoft reporting high activity in key countries. As Africa’s digital economy booms with a projected GDP growth of 4.1% in 2025, vulnerabilities from weak regulations and underinvestment in cyber defence ability amplify risks.
Looking to 2026: Agility in an AI-Disrupted World
In 2026, agentic AI – autonomous systems that act independently, are set to accelerate threat evolution, making static defences obsolete. Businesses must prioritize quick pivots: rapid detection, response, and adaptation. AI’s dual role as disruptor (enabling sophisticated attacks like AI-driven election interference or adaptive malware) and enabler (for proactive defences) demands organisational agility. Those who pivot fastest will thrive; others risk operational shutdowns or massive losses.
Contingencies to Bridge the Gaps
Skills shortages pose Africa’s biggest hurdle, but viable workarounds exist:
- Regional and International Collaboration — Leverage initiatives like INTERPOL’s African Joint Operation against Cybercrime (AFJOC) for shared intelligence and capacity building.
- Public-Private Partnerships — Engage vendors for managed security services and collaborate with academia for tailored training.
- Up-skilling Programs — Investments in scalable online platforms (e.g., KnowBe4’s awareness training shows positive trends) and open-source tools to broaden access.
- Cloud and AI-as-a-Service — Adopt secure cloud solutions with built-in AI defenses to bypass local talent constraints.
- Policy and Governance Focus — Prioritise internal frameworks over tools, as BCG notes lower funding here despite needs.
CEOs and CISOs must align now—making AI-cyber a board priority and hiring early.
African businesses cannot afford complacency in 2026. With AI threats evolving daily and the continent’s digital growth accelerating, vigilance is non-negotiable. Organisations should invest in resilience, foster collaboration, and prepare for rapid shifts. The stakes have never been higher, and in 2026, proactive readiness will determine survivors from casualties in this new era.
