In January 2023 the international charity GiveDirectly discovered that fraudsters in the Democratic Republic of the Congo (DRC) had exploited cybersecurity weaknesses to pocket around $1.2m in funds intended for families in need. The scandal revolved around a practice known as “SIM swapping”, which occurs when criminals impersonate a phone owner and transfer the owner’s number to a new SIM card.
Victims usually open access to their information at the request of an apparent official, allowing the fraudsters to gain access to their text messages, calls and two-factor authentication codes sent via text message. This in turn allows them to access bank accounts and other sensitive information.
GiveDirectly saw $1.2m in losses as local staff allegedly colluded with fraudsters to channel funds away from their intended recipients in this way. The incident revealed the growing cybersecurity risks the DRC’s public and private sector is exposed to as the rapid pace of digital transformation creates new vulnerabilities for criminals to exploit.
Digital growth opens door to scammers
Starting from a relatively low base, the DRC has seen high rates of digitalisation in recent years. By the end of 2025, the DRC had just under 74m active mobile phone subscriptions – a penetration rate of nearly 66% – compared to jt 29.3m in 2017.
Average data consumption per mobile user increased more than 24-fold between 2016 and 2025, thanks to higher smartphone adoption, stronger connectivity and the growing use of digital services. The government is continuing to push broader digital transformation initiatives, including an €8bn ($9.3bn) national digital infrastructure plan aimed at modernising connectivity and digital services in the DRC.
Nathalie Kienga, the DRC’s head of cybersecurity in Kinshasha, tells African Business that the sheer pace of digitalisation in the country has made it a challenge to maintain cyber resilience. In 2024, the Internet Society gave the DRC an overall internet resilience score of 34%, which means it only has “medium” capacity to “withstand unexpected faults or challenges to normal operation”.
“Digital growth in the DRC is happening at an extraordinary speed. Mobile money adoption, fintech innovation, digital public services and connectivity expansion are transforming the country and bringing millions of citizens into the digital economy,” Kienga says. “This rapid transformation naturally creates increasing pressure on cybersecurity capabilities. This is precisely why strengthening cyber resilience has become a national priority – cybersecurity must evolve at the same pace as digital transformation and this is the strategic direction we are taking.”
Kienga notes that the promise of further digitalisation is likely to increase the risks for the DRC’s strategic industries. “The most exposed sectors are finance, telecommunications, mining, energy, public administration and health systems. As the country digitises further, these sectors are becoming increasingly interconnected, which also increases systemic cyber risk,” she explains.
“We expect future threats to intensify around ransomware, attacks targeting critical infrastructure, mobile money fraud, supply chain compromise, disinformation campaigns and the malicious use of artificial intelligence for cyber manipulation and social engineering,” Kienga adds.
Government strengthens cybersecurity
The private sector is playing a role in helping plug these gaps in the DRC’s cybersecurity infrastructure. In 2024, for example, French telecommunications giant Orange announced that it would be offering three cybersecurity services in the DRC through its local subsidiary. The DRC government has also launched several initiatives over the last few years in a bid to address these challenges and strengthen the country’s cybersecurity. In April 2023 the DRC ratified the African Union’s convention on cybersecurity and personal data protection.
In June that year President Tshisekedi also launched the DRC’s National Cybersecurity Strategy with the objective of “making Congolese digital technology a lever for integration, good governance, economic growth and social progress”.
The plan includes proposals such as establishing a National Cybersecurity Agency to coordinate national cyber policy, creating a computer emergency response team for incident reporting, and developing a national security operations centre for real-time monitoring and detection of potential cyber threats.
The strategy places a particular emphasis on critical infrastructure – such as energy, telecommunications and government systems – and suggests mandatory security requirements for these bodies.
Kienga says these initiatives show the government is trying to take a much more active role in boosting the country’s cybersecurity capabilities. “The DRC has fully recognised that cybersecurity is no longer only a technical issue, it is a matter of national sovereignty, economic stability and strategic resilience,” she tells African Business. “Rather than waiting for a major cyber crisis to occur, the country is taking a proactive approach, drawing lessons from incidents observed across the region and internationally.
“We are already seeing encouraging progress, particularly in the financial sector under the leadership of the Central Bank of Congo, which has strengthened cybersecurity expectations and supervision across financial institutions,” Kienga notes. “This demonstrates that regulatory leadership can accelerate cyber maturity across an ecosystem – however, prevention still needs to become more systematic across all sectors.”
While the DRC appears to have made strong strides in creating a regulatory framework and government strategy for cybersecurity, more work still needs to be done in terms of enforcement. Generis Global Legal Services notes that the DRC’s regulatory agencies “often operate with insufficient funding and inadequate technological infrastructure, which significantly affects their ability to monitor, investigate and enforce compliance with cybersecurity laws.
“Without the requisite resources, agencies struggle to carry out their mandates effectively, which ultimately compromises the nation’s overall cybersecurity posture.”
The DRC is being supported in building these capacities by international partners such as the World Bank and the French Development Agency (AFD). In February this year the two organisations announced a joint $500m digital transformation support package for the DRC, which includes funding for establishing a government cybersecurity centre.
Kienga adds that “the DRC is investing in the development of national expertise through awareness initiatives, training efforts, resilience exercises and stronger international partnerships” to further boost its ability to enforce high cybersecurity standards.
Reassuring investors
The DRC has committed itself to boosting its cyber resilience, not just as an end in itself, but as a way to reassure international investors, encourage greater foreign direct investment (FDI) flows and achieve stronger economic growth.
Indeed, the World Bank has previously warned that “cybersecurity is a growing challenge to sustainable economic development” and that “digital investments in developing countries are increasingly vulnerable to cyber risks and threats.”
Kienga says that “today, cybersecurity is one of the foundations of investor confidence. International companies do not invest only where opportunities exist, they invest where there is trust, predictability and institutional reliability.”
She is confident that the DRC’s efforts to strengthen its cybersecurity will provide reassurance to international investors that their money is safe in the country – and will therefore help unlock FDI. “The combination of stronger governance, high-level political commitment and dedicated cyber institutions will send a strong signal to international partners and investors. We are building the conditions for a secure digital economy,” Kienga argues.
“This would help attract big tech companies, data infrastructure investments and strategic international partnerships. It would strengthen trust in digital finance, facilitate e-commerce growth, reduce fraud and improve confidence in public digital services. “The DRC has the potential to become one of Africa’s major digital markets. But beyond market size, our ambition is to become a trusted digital environment and a regional platform for secure digital innovation.”