Sénégal faces rising cyber threats to its digital government systems

The recent cyberattack against Senegal’s public treasury marks a troubling escalation in digital threats facing Dakar’s institutions. Over the past six months, three key government departments have fallen victim to intrusions, thrusting cybersecurity into the spotlight of Senegal’s digital sovereignty debate. This latest breach coincides with the state’s accelerated push toward digitalizing public services—a move that inadvertently broadens the attack surface for malicious actors. The frequency of these incidents raises serious questions about the resilience of protections guarding the nation’s most critical digital infrastructure.

The assault on the Directorate-General of the Treasury and Public Accounting follows two prior high-profile breaches. In October, the tax and property registry portal was targeted, while January saw an intrusion into the national ID production system, disrupting a service central to daily citizen interactions. Together, these attacks expose a disturbing pattern: tax systems, civil registries, and public finances—core pillars of the administrative apparatus—are all under siege.

Digital progress outpacing security safeguards

Like many African nations racing to modernize their administrations, Senegal has rolled out numerous digital initiatives without always pairing them with commensurate security frameworks. While digitizing public services promises greater efficiency and transparency, it demands parallel investments in data protection, continuous monitoring, and staff training. The widening gap between digital transformation and cybersecurity preparedness is precisely the vulnerability cybercriminals exploit. Attackers typically pursue three objectives: ransomware extortion, theft of sensitive data for resale, or symbolic destabilization of state institutions. In the case of the Treasury, which manages the state’s financial flows, the stakes are particularly high. A prolonged breach could disrupt public expenditure chains, compromise local government accounts, or even jeopardize domestic debt management. Authorities have yet to disclose specifics about the intrusion’s nature or the volume of data potentially compromised.

Africa’s growing appeal for cybercriminals

Senegal is far from alone in facing this threat. Across the continent, countries pursuing ambitious e-government programs have suffered major cyber offensives in recent years. The surge in internet connectivity, the rise of mobile payments, and the migration of public records to cloud platforms have created an increasingly lucrative environment for cybercriminals—whether operating from within Africa or abroad. The cost-benefit ratio remains skewed in the attackers’ favor: potential ransoms are substantial, while cross-border judicial consequences remain minimal.

Dakar boasts an institutional framework on paper, including the Personal Data Protection Commission (CDP) and initiatives led by the State Computing Agency (ADIE). Yet gaps persist: inter-agency operational coordination, incident response capabilities, and cybersecurity awareness among public servants remain works in progress. The mounting attacks could spur the adoption of a stricter national strategy, enforcing regular audits, simulated attack drills, and heightened breach notification mandates.

Political fallout and the path forward

For the government, the stakes are now political as well. Public trust in digitized services hinges on assurances that taxpayer data, biometric records, and financial transactions remain secure. Three major breaches in half a year erode this trust and undermine arguments for expanding digital projects. Pressure is also mounting on state contractors, whose selection often prioritizes cost over the robustness of security solutions.

Beyond Senegal, these cascading attacks underscore a critical truth: Africa’s digital sovereignty isn’t just about hosting data locally or developing homegrown apps. It requires real-time detection, containment, and neutralization of increasingly sophisticated intrusions.