In Ethiopia’s fast-growing digital financial sector, the biggest challenge to cybersecurity is not just the complexity of cyberattacks, but the reluctance of financial institutions to report such attacks due to fears of losing customer trust and reputational damage. This hesitancy, highlighted by the Information Network Security Administration (INSA), creates significant security gaps that obstruct regulators and law enforcement agencies from mounting an effective collective defense.
At a recent cybersecurity forum organized by the Commercial Bank of Ethiopia (CBE) under the theme “Zero Trust Security for Trusted Banking Services,” experts underscored the rising cyber risks and stressed the urgent need for cross-sector cooperation. Representatives from INSA, Ethio Telecom (which operates the Telebirr mobile money platform), and the Federal Police participated, warning that the lack of transparency and limited threat intelligence sharing endanger the nation’s critical infrastructure amid ongoing digital transformation.
INSA’s Deputy Director General, Hanibal Lemma, noted that while national cybersecurity has improved, there remains a major obstacle: financial institutions are reluctant to disclose when attacked, fearing negative impacts on their reputation and customer trust. This low reporting culture allows cybercriminals to replicate successful attack methods across institutions, increasing vulnerabilities.
Tsegaye Emmanuel, Chief Information Security Officer at Ethio Telecom, described the increasing volume of cyberattacks targeting both individual customers and critical infrastructure systems like Telebirr, which faces over 220 attacks daily—a 20% yearly increase since launch. He emphasized that cybersecurity efforts must keep pace with Ethiopia’s rapid digital transformation to maintain digital trust.
At the opening of the second Cyber Security Month, Ephrem Mekuria, Presidential Representative of CBE, reaffirmed the bank’s commitment to operating on a “Zero Trust” model to combat evolving global cyber threats. Mekuria highlighted that CBE now processes over 90% of its transactions digitally, a sharp rise from 13% the previous year, contributing over 73% of the country’s total digital transactions in the 2024/25 fiscal year.
Highlighting the new challenges posed by artificial intelligence, Mekuria cautioned that AI-enabled cyberattacks now take just 39 seconds to execute, with 56% of attacks leveraging AI capabilities. Global cybercrime spending has surpassed $10 trillion and is projected to rise to $13 trillion by 2028.
To address these threats, a trusted third-party entity is being established to facilitate secure information sharing among financial institutions and regulators without compromising business confidentiality or customer trust. This initiative aligns with CBE’s strategy, which now includes elevating its Cybersecurity Administration to a vice-presidential level, signaling a proactive stance in securing Ethiopia’s digital economy.
The forum reiterated that cybersecurity is a shared responsibility requiring collaboration across financial institutions and stakeholders to safeguard Ethiopia’s growing digital financial ecosystem and national priorities.
This highlights Ethiopia’s urgent need to strengthen cyber defenses and encourage transparent reporting to close security gaps amidst its rapid digital growth and vulnerability to sophisticated cyber threats targeting critical infrastructure and financial services.
