While the Kingdom of Morocco has achieved significant strategic milestones in cybersecurity, a series of high-profile cyberattacks in 2024 and 2025 have exposed a critical vulnerability. The most notable of these was the April 2025 breach of the National Social Security Fund (CNSS), an event that serves as Morocco's definitive "Sputnik moment", a wake-up call that has compelled the nation to re-evaluate its digital defenses.
This incident, occurring despite Morocco's Tier 1 ranking in the International Telecommunication Union’s (ITU) 2024 Global Cybersecurity Index (GCI), highlights a critical gap between institutional readiness and operational resilience.
Historically, Morocco has invested heavily in cybersecurity infrastructure, allocating budgets under the 2012 National Cybersecurity Strategy and its 2024 updates. Yet, returns remain modest. Kaspersky reported 12.6 million web threats in 2024, ranking Morocco third in Africa. Examples include ransomware targeting car manufacturers in 2020 and the 2023 Medusa gang's leak from Bank of Africa (formerly BMCE), exposing client data across 18 African countries.
With the forthcoming hosting of the 2025 Africa Cup of Nations (AFCON) and the 2030 FIFA World Cup, Morocco has a unique opportunity to accelerate its digital ambitions. These global events position cybersecurity not merely as a defensive necessity but as a key driver of economic growth and digital sovereignty, providing a high-stakes platform to showcase a secure and technologically resilient nation. But it also puts Morocco in the spotlight of digital security, for visitors and its citizens.