By 
Email remains the primary vehicle for cyberattacks in Africa, accounting for 94% of incidents. Phishing and Business Email Compromise (BEC) are particularly prevalent, exploiting the weakest link, human vulnerabilities to infiltrate organisations.
These attacks often involve deceptive emails that trick recipients into revealing sensitive information or transferring funds. Zimbabwe, in particular, has seen a surge in cybercrime due to rapid digital adoption without proportional investments in cybersecurity.
In 2024, email-based cyberattacks surged across Africa, with Zimbabwe ranking among the top three most targeted countries globally. According to the latest cybersecurity threat-scape report, Zimbabwe holds the third-highest Normalised Risk Index (NRI) globally, at 78.1, trailing only Ethiopia and one other nation.
By Gamuchirai Mapako
Financial institutions, telecommunications companies, healthcare sector, Small and Medium Enterprises (SMEs) and the government and public sector which lack robust cybersecurity measures are prime targets due to the direct monetary gain for attackers. And to combat the escalating threat of email-based cyberattacks, organisations are turning to self-learning Artificial Intelligence (AI) systems. For instance, Darktrace’s Antigena system uses machine learning to identify and neutralise threats autonomously.
Speaking during an Axis Solutions event held in Harare, a representative from Darktrace pointed out that many African organisations, including those in Zimbabwe, have low cybersecurity awareness and also lack basic email security training. Employees often fall victim to fraudulent emails mimicking trusted sources, malicious attachments and fake emails impersonating executives to authorise fraudulent transactions.
One of the reasons for these countries being vulnerable to cyber-attacks is mostly their outdated security infrastructure.
Most businesses in Zimbabwe rely on basic spam filters rather than advanced threat detection systems, making them easy targets for cybercriminals.
Although a commendable move, Zimbabwe is embracing digital banking, e-government, and online services, however this rapid digitalisation is happening without proper safeguards.
Attack method phishing emails trick bank employees into revealing login credentials leading to fraudulent transactions, stolen customer data, and financial losses.
The government and public sector also experience data breaches, disruption of critical services, and national security risks.
During a presentation before representatives from the likes of ZIMRA, Innbucks and several other reputable financial institutions from Zimbabwe, experts from Darktrace pointed out that traditional security measures are no longer sufficient against AI-powered cyber threats. Self-learning AI offers a proactive defence by analysing email behaviour patterns (sender reputation, language, attachments) to flag suspicious messages before they reach the inbox.
Through behavioural biometrics and anomaly detection. AI learns normal user activity (login times, typing patterns) and detects deviations. With automated incident response AI can quarantine malicious emails, reset compromised accounts, and alert security teams—reducing response time from hours to seconds. And Unlike rule-based filters, self-learning AI evolves with cybercriminal tactics, staying ahead of zero-day attacks.
While AI offers powerful tools for defence, a comprehensive cybersecurity strategy must also include mandatory cybersecurity training for employees, multi-layered security, adoption of AI-powered email security solutions and stronger regulations enforcing cybersecurity compliance.
African businesses, especially in high-risk countries like Zimbabwe, must integrate self-learning AI into their cybersecurity strategies to survive the escalating threat landscape.
With 94% of cyber-attacks in Africa originating from emails, the risks are too significant to ignore. Zimbabwe’s financial, government, and healthcare sectors are particularly vulnerable, but experts advise self-learning AI presents a powerful solution. By combining advanced AI tools with comprehensive security frameworks and employee education, organisations can bolster their defences against the ever-evolving landscape of cyber threats, detect, prevent, and respond to cyber threats faster than ever before.
Comments