In early 2023, the international charity GiveDirectly uncovered a sophisticated fraud scheme that siphoned roughly $1.2 million from funds earmarked for vulnerable families in the Democratic Republic of Congo (DRC). The breach relied on a tactic known as SIM swapping, whereby criminals convince a mobile carrier to transfer a victim’s phone number to a new SIM card under their control. Once the number is hijacked, fraudsters gain access to SMS‑based two‑factor authentication codes, enabling them to hijack bank accounts, mobile‑money wallets and other sensitive services.
The incident highlighted a growing tension in the DRC: rapid digital expansion is creating new opportunities for cybercriminals even as the country strives to harness technology for economic and social development.
Digital growth opens the door to fraudsters
Over the past decade, the DRC has experienced one of the fastest rates of mobile adoption in Sub‑Saharan Africa. By the close of 2025, the country counted nearly 74 million active mobile subscriptions, representing a penetration rate of roughly 66 %—up from 29.3 million subscriptions in 2017 [1]. Average data consumption per user surged more than 24‑fold between 2016 and 2025, driven by cheaper smartphones, broader 3G/4G coverage and the rise of mobile‑money platforms such as M‑Pesa and Airtel Money [2].
These trends are part of a deliberate national push. The DRC government has launched an €8 billion (≈ $9.3 billion) National Digital Infrastructure Plan aimed at modernising fibre‑optic backbones, expanding rural broadband and digitising public services [3]. Nathalie Kienga, the DRC’s Cybersecurity Director in Kinshasa, told African Business that the speed of this transformation is outpacing the country’s ability to defend against cyber threats:
“Digital growth is occurring at an extraordinary pace in the Democratic Republic of Congo. The adoption of mobile money, fintech innovations, digital public services and expansion of connectivity are transforming the country and bringing millions of citizens into the digital economy. This rapid change is naturally creating increasing pressure on cybersecurity capabilities.”
The Internet Society gave the DRC an overall Internet resilience score of 34 % in 2024, indicating only a moderate capacity to withstand unexpected disruptions [4]. Kienga warned that the sectors most exposed to cyber risk—finance, telecommunications, mining, energy, public administration and health—are becoming increasingly interlinked as digitisation deepens, amplifying the potential impact of any single breach.
Looking ahead, experts anticipate a rise in ransomware attacks, supply‑chain compromises, disinformation campaigns and the malicious use of artificial intelligence for social engineering, especially as more critical services move online.
Government and private sector respond
Policy milestones
- In April 2023, the DRC ratified the African Union Convention on Cybersecurity and the Protection of Personal Data, committing to baseline standards for data protection and cross‑border cooperation.
- Two months later, President Félix Tshisekedi unveiled the country’s first National Cybersecurity Strategy, framing secure digital technology as a catalyst for integration, good governance, economic growth and social progress.
The strategy outlines several concrete actions:
- Creation of a National Cybersecurity Agency (NCA) to centralise policy, coordinate incident response and advise ministries.
- Establishment of a Computer Emergency Response Team (CERT) tasked with real‑time monitoring, threat intelligence sharing and rapid mitigation.
- Development of a National Security Operations Centre (SOC) equipped with SIEM tools to detect anomalies across government networks.
- Mandatory security baselines for critical infrastructure—energy grids, telecom hubs and governmental IT systems—aligned with international standards such as ISO/IEC 27001.
Private‑sector contributions
Telecom operator Orange announced in 2024 that its DRC subsidiary would begin offering three dedicated cybersecurity services: managed firewall protection, threat‑intelligence feeds and security‑awareness training for enterprises [5]. Similar partnerships are emerging with local fintechs and mining firms, which are investing in endpoint detection and response (EDR) platforms to safeguard mobile‑money transactions and operational technology networks.
These collaborative efforts aim to close the gap between the DRC’s ambitious digital agenda and the defensive capabilities required to protect it. As Kienga emphasized, “strengthening cyber resilience has become a national priority—cybersecurity must evolve at the same pace as digital transformation.”
Looking forward
The DRC’s experience illustrates a broader lesson for emerging economies: digital inclusion brings tremendous benefits, but it also expands the attack surface. Continued investment in skilled cybersecurity personnel, regular risk assessments, and public‑private information sharing will be essential to ensure that the promise of a connected, prosperous Congo is not undermined by preventable cyber incidents.
[1] GSMA Intelligence, “Mobile Subscriber Statistics – Democratic Republic of Congo,” 2025.
[2] International Telecommunication Union (ITU), “Measuring Digital Development: ICT Price Trends 2016‑2025.”
[3] Government of the Democratic Republic of Congo, “National Digital Infrastructure Plan (2022‑2027),” Ministry of Posts, Telecommunications and ICT.
[4] Internet Society, “Global Internet Resilience Index 2024.”
[5] Orange Press Release, “Orange DRC Launches Cybersecurity Services Suite,” March 2024.
