Sénégal faces rising cyber threats to digital government systems

Dakar’s public treasury has become the latest victim of a cyberattack targeting Senegal’s central administration, highlighting growing vulnerabilities in the country’s digital infrastructure. Over the past six months, three key government bodies have faced breaches, raising serious concerns about the nation’s cybersecurity and its preparedness for an increasingly digital governance model.

The attack on the Directorate-General of the Treasury and Public Accounting follows two earlier incidents that exposed critical flaws in the system. In October, the Tax and Land Registry portal was compromised, while in January, the national identity card production service suffered an intrusion that disrupted day-to-day administrative operations. These repeated breaches—occurring in rapid succession—paint a troubling picture of Senegal’s ability to safeguard its most essential public services.

Digital transformation outpaces security measures

As Senegal accelerates its digitalization efforts to modernize public administration, experts warn that security frameworks have failed to keep pace. While the shift to online services promises greater efficiency and transparency, it also expands the attack surface for cybercriminals. Without parallel investments in robust data protection, real-time monitoring, and staff training, critical government systems remain dangerously exposed.

Cyber threats typically serve one of three motives: financial extortion through ransomware, theft of sensitive data for resale, or symbolic disruption of state institutions. In the case of the Treasury, the stakes are particularly high. A prolonged breach could disrupt public expenditure tracking, local government accounting, and domestic debt management. Authorities have yet to disclose details about the attack’s nature or the extent of any data theft.

Africa’s growing cybercrime hotspot

Senegal is not alone in facing this challenge. Across Africa, countries pursuing ambitious e-government initiatives have become prime targets for cybercriminals. The rapid expansion of internet connectivity, mobile payment systems, and cloud-based public records has created a lucrative environment for attackers, whether operating locally or from abroad. The low risk of cross-border prosecution makes such attacks highly appealing, with potential ransom payments far outweighing the costs of execution.

The country does have institutional safeguards in place, including the Personal Data Protection Commission (CDP) and the State Computer Agency (ADIE). Yet operational coordination between agencies, incident response capabilities, and a culture of cybersecurity among public servants remain underdeveloped. The rising tide of attacks may force a national strategy overhaul, with mandatory audits, simulated cyber drills, and stricter breach notification rules likely on the horizon.

What political action is needed?

The government now faces a dual challenge: restoring public trust in digital governance while ensuring the resilience of its most sensitive systems. Three major breaches in six months undermine confidence in the security of fiscal, biometric, and financial data—key pillars of Senegal’s modernization strategy. Pressure is also mounting on private contractors handling government projects, where cost considerations often overshadow security concerns.

Beyond Senegal, these repeated incidents underscore a broader truth: African digital sovereignty extends far beyond data localization or homegrown software. True resilience requires the ability to detect, contain, and neutralize increasingly sophisticated cyber threats before they inflict lasting damage.