Benin Releases First National Cybersecurity Report Highlighting Rising Threats

On the sidelines of the 2025 Cyber Africa Forum (CAF) in Cotonou, Benin’s Agency for Information Systems and Digital (ASIN ) presented its first national report on cybersecurity vulnerabilities and incidents, marking a significant step toward greater digital resilience. The session, held on June 25, was co-moderated by ASIN Director General Marc-André Loko and Ouanilo Médegan Fagla, Director General of the National Center for Digital Investigations (CNIN ).

The report, which covers data from 2021 to 2024, analyses vulnerabilities and incidents across public institutions and critical infrastructure operators (OIIC), underscoring the heightened cybersecurity risks emerging alongside Benin’s accelerated digital transformation.

Marc-André Loko emphasized that cybersecurity must evolve in tandem with digital development, stating that Chief Information Security Officers (CISOs) should no longer be seen as simple employees of IT departments, but as strategic pillars of national digital governance.

Ouanilo Médegan Fagla explained that the report is designed to raise awareness, inform national cybersecurity strategies, and provide practical recommendations to strengthen the country’s information system defences.

Key findings include 878 recorded vulnerabilities over the three-year period:

• 30% were classified as low risk

• 23% moderate

• 24% high

• 23% critical

Critical vulnerabilities included:

• Broken Access Control (41 cases) – allowing unauthorized access

• Sensitive Information Disclosure (26 cases) – involving data leaks

• Broken Authentication (24 cases) – due to login flaws

• Remote Code Execution (RCE) (23 cases) – enabling external attackers to run malicious code

• SQL Injection (18 cases) – affecting databases

The most impacted sectors were Public Service (326 cases), Finance (155 cases), and the Digital sector (117 cases). Leading causes included misconfigured security settings (296 occurrences) and poor role and permission management (142).

Additionally, 832 password breaches were reported—most notably in Finance (406 cases) and Public Service (226 cases). The most frequent cyber incidents involved:

• Malware Infections (23 cases)

• Website Hacking (12 cases)

• Botnet Attacks (7 cases)

The report attributes these incidents to outdated software, limited user awareness, and the absence of regular security patches.

Audit findings also revealed wide disparities in compliance with Benin’s State Information Systems Security Policy (SSIE). Compliance levels across institutions ranged from just 6% to 87%, with notable weaknesses in governance structures, asset tracking, network protection, and cybersecurity training for staff.

The report serves as both a wake-up call and a roadmap for strengthening Benin’s cyber defences in the face of rapid digital growth.