Garowe-(Puntland Mirror) Somalia’s rush into the digital age is leaving the country dangerously exposed to cyberattacks that threaten government services, businesses and ordinary citizens, according to a new policy brief.
The paper, released by the Somali Institute for Development Research and Analysis (SIDRA) this week, says Somalia has made substantial progress in digital connectivity and financial technology, but still lacks a functional national cybersecurity framework and an operational Computer Emergency Response Team to coordinate responses to attacks.
Rapid digital growth and fragile protection
Over the past two decades, mobile phones, internet access, and digital financial services have quietly transformed how Somalis communicate, trade, and send money home. As of early 2025, Somalia recorded 11.3 million active mobile connections, representing about 58 percent of the population, and more than three million social media profiles. Digital payments and mobile money platforms now drive daily commerce and the wider economy.
Formal banks, money transfer operators, and mobile money companies rely heavily on digital platforms to move funds, pay salaries, and process remittances from the diaspora, which still contributes an estimated quarter of the country’s GDP each year.
But this fast-moving digital shift has not been matched by investment in cybersecurity. According to the SIDRA brief, Somalia still has no fully implemented national cybersecurity strategy, and the country ranks among the top 20 globally for the share of computers infected with malware.
High-profile breaches
A series of recent incidents has highlighted the urgency of the issue.
In October 2024, a Somali solar energy company reportedly lost US$350,000 after hackers infiltrated its email system, impersonated senior staff, and diverted funds meant for the International Solar Alliance into a fraudulent account.
In November 2025, Somalia’s electronic visa platform suffered a major breach that exposed sensitive data belonging to about 35,000 applicants, including names, photos, dates and places of birth, email addresses, marital status, and home addresses.
These cases, the brief notes, reflect deeper weaknesses in Somali institutions, many of which depend on digital systems but have little or no cybersecurity expertise.
Everyday, cybercrime on the rise
While large-scale breaches dominate headlines, most cybercrime in Somalia occurs quietly through social media and mobile phones.
The Governance Statistics Report by the Somalia National Bureau of Statistics, cited in the brief, shows an increase in online fraud and financial scams targeting individuals. Tactics include phishing emails, fake investment opportunities, and fraudulent websites that imitate businesses or aid agencies. Mobile money users are also at risk of unauthorized transfers and SIM card swapping.
Online harassment and cyberbullying continue to be serious issues, particularly for journalists, activists, and women. Victims frequently encounter smear campaigns, threatening messages, and manipulated content with little legal protection.
Ransomware and malware attacks are also on the rise, encrypting data or stealing information from devices. For many organizations, even a brief disruption can stop operations and hurt public trust.
NCA and SomCERT Mandate without capacity
On paper, the National Communications Authority is responsible for coordinating Somalia’s national cybersecurity response. Within it, the Somalia Computer Emergency Response Team is intended to detect and report cyber incidents affecting both government and private-sector institutions.
SIDRA’s analysis finds that SomCERT is still not fully functional. There is no central system for recording and analysing attacks, and there is limited capacity to issue timely alerts or coordinate responses. Many ministries and companies have no dedicated cybersecurity staff and rely mainly on basic antivirus tools.
Although Somalia has passed a Public Data Protection Act and established a Data Protection Authority, both remain poorly resourced and unable to enforce compliance.
A draft cybersecurity bill endorsed by the cabinet is still awaiting parliamentary approval, leaving gaps in the legal framework needed to protect national digital systems.
Regional opportunities and external support
Despite current weaknesses, the policy brief notes that Somalia has opportunities to strengthen its cyber defences.
The country’s accession to the East African Community in 2024 creates openings for cooperation and alignment with regional members that already operate national cybersecurity strategies.
In May 2025, the National Communications Authority signed a memorandum of understanding with Malaysia’s communications regulator to support cooperation on digital regulation and cybersecurity.
The World Bank-funded SCALEDUP project, launched in 2019, is also supporting Somalia’s efforts to build digital ID systems, government e-services, and cybersecurity capacity.
SIDRA argues that Somalia’s expanding ICT sector and its young tech-oriented population can become powerful assets. With proper training and investment, Somali youth could form the core of a future national cybersecurity workforce.
A race against rising risks
The brief concludes that cybersecurity is now central to Somalia’s national security and economic future.
With mobile money, online services, and digital communication now woven into daily life, a major cyber incident could quickly disrupt livelihoods, public services, and trust in state institutions.
Somalia still has time to act, the report says, but the gap between digital growth and cyber preparedness is widening. Bridging that gap will require sustained commitment, investment, and a national culture of digital security that reaches every level of society.
What Needs to Be Done
According to the SIDRA policy brief, addressing Somalia’s widening exposure to cyber threats requires a coordinated national effort that strengthens institutions, invests in people and modernises the legal framework. A central recommendation is the full operationalisation of SomCERT, which would serve as the country’s primary hub for reporting incidents, issuing alerts and coordinating responses across government and the private sector. SIDRA also stresses the urgency of approving the long pending cybersecurity bill, arguing that Somalia needs a clear and enforceable legal foundation to prosecute cybercrime and safeguard critical digital infrastructure.
Building human capacity is equally essential. The brief notes that most public institutions and many private companies still lack trained cybersecurity professionals, calling for structured recruitment, regular training and ongoing awareness programmes to improve basic cyber hygiene. It also proposes the creation of a Joint Cyber Defense Collaborative to bring together telecom operators, banks, regulators and government agencies, enabling them to share threat information and mount coordinated responses when serious incidents occur.
Beyond institutional reform, SIDRA encourages stronger national dialogue through an annual cybersecurity conference that would help raise public awareness and promote best practices. Sustained public investment will also be needed, particularly for the NCA, SomCERT and the Data Protection Authority, all of which require predictable funding to fulfil their mandates. Finally, the brief calls for deeper international cooperation, urging Somalia to take advantage of regional and global partnerships that can provide technical expertise, advanced tools and proven models for building a secure digital environment.
