Egypt has proved strong growth and leadership in the field of cybersecurity, achieving a Tier 1 rating and a high ranking on the Global Cybersecurity Index.
The country’s cybersecurity efforts are recognized internationally, with the International Telecommunication Union (ITU) positioned Egypt among the top 12 nations in its Global Cybersecurity Index.
Meanwhile, Egypt faces increasing cyber threats due to the rapid expansion of its digital environment and growing internet usage.
The Egyptian cybersecurity market is experiencing growth, driven by increased demand for security solutions among businesses and government agencies. The market is projected to hit $287.1 million (about EGP 14.5 billion) by 2029, according to Statista.
In this in-depth discussion, Sherif Shaltout, the General Manager of cybersecurity and cloud services provider liquid C2 and a seasoned cybersecurity professional, provides a comprehensive analysis of Egypt’s evolving cybersecurity landscape, dissecting governmental strategies, the burgeoning local industry, and the critical challenges that remain in safeguarding the nation’s digital future.
Follow ICT: How do you see the cybersecurity landscape in Egypt in terms of the related infrastructure, regulations, and actions taken by the government to enhance it?
Sherif Shaltout: The cybersecurity landscape in Egypt has changed significantly over the past few years. These changes can be seen across three main axes:
1. Government Strategy, Laws and Regulations.
2. Sectorial Regulations
3. The Local Cyber Security Industry Landscape.
On a strategic level, the Egyptian constitution article 31 recognizes the security of cyberspace as an integral component of national security. This was followed by the establishment of the Supreme Council of Cyber Defense in 2014, which then formulated Egypt’s first national 5 year cyber security strategy is 2017, which has then been updated with a new strategy for 2023-2027.
This was augmented by the release of the Cyber Crime Law in 2018 and the Personal Data Protection Law in 2020. These changes represent a significant shift in how the Egyptian government perception of cyber security has changed over the past 10 years.
I have been active in Egypt’s cyber security market since 2002 and between 2002-2012 the conversations has been mostly technical and mainly led by MCIT ad the NTRA, but now the conversation has shifted to the level of a national strategy.
This takes me to the sectorial regulatory landscape. Central Bank of Egypt led the way in 2014 by publishing the first set of cyber security regulatory requirement to govern the digitization of banking services. This was followed by a comprehensive cyber security framework in 2022.
Now we see similar regulatory frameworks by the Financial Regulatory Authority as well as the Energy and Telecommunications Sectors. These sectorial regulations drove demand for cyber security services and solutions which encouraged the establishment of multiple private as well as state owned cyber security firms over the past 5-6 years.
When I started my career in 2002, there wasn’t a single specialized local cyber security company. By 2008 there were around two. In 2024 the numbers had mushroomed to the point that pushed the NTRA to publish a regulatory framework to accredit and license cyber security companies, especially those that are providing their services and solutions to the Egyptian government.
I believe that the market can still benefit from a more level competitive field between private and state owned companies, and I also believe that it is time that we invest resources in driving technological innovation in local cyber security solutions that can compete on a global scale.
FollowICT: What are the key challenges this landscape is witnessing in Egypt?
Sherif Shaltout: There are multiple challenges facing Egypt’s cyber security industry:
1. Talent-drain to neighboring countries.
2. Impact of EGP devaluations on Cyber Security Solutions Cost.
3. The global shift to cloud first solutions.
The past few years have been economically challenging for Egypt. The frequent devaluations to the EGP and the soaring inflation has led to many Egyptian talents to choose to further their careers outside of Egypt, particularly in the GCC region.
The region is witnessing an investment boom and has managed to attract the best of Egyptian talent. This talent drain comes at a critical time for Egypt as it is accelerating the pace of its digital transformation on the backdrop of escalating regional tensions, which has created a significant talent gap at a crucial moment for Egypt.
The devaluation of the Egyptian pound has also impacted the purchasing power of the Egyptian customers whether they are government entities or commercial and financial enterprises. The cost of IT and cyber security solutions has more than tripled since the 2016 devaluation.
The foreign currency crunch that impacted Egypt following the Covid pandemic had also made it difficult to invest in technology due to the difficulty in paying international vendors. Now the market stabilizing around the floating exchange rate policy allowing enterprises to plan future investments with more confidence.
The third challenge is the shift of many cybersecurity technologies to becoming cloud first. Cloud has transformed the global computing scene.
The supply chain crises that followed the pandemic has prompted many global enterprises and rising startups to shift their infrastructure to the cloud to avoid the delays in hardware deliveries and the complexities associated with continuous hardware upgrades.
The rise of AI as a core transformation technology in recent years has further emphasized and highlighted the value of cloud computing as the option with enough computing power to support large scale application of AI technologies to transform global businesses.
Cyber Security vendors are utilizing their cloud infrastructure to collect alerts from sensors all over the world allowing them to have better visibility on emerging attack patterns and malicious activities which cannot be achieved with Siloed on-prem implementations.
Egypt remains behind when it comes to its adoption of cloud technologies as the regulatory frameworks have not yet addressed how to balance the cloud potential and Egypt’s national security and data sovereignty needs.
To this end, I believe it is vital that Egypt creates an environment that can attract Hyperscalers like Microsoft, Google and AWS to set up cloud regions in Egypt like we are currently witnessing in the GCC countries and South Africa.
FollowICT: Do you think the rising usage of AI in Egypt now represents a challenge for the cybersecurity across the country?
Sherif Shaltout: AI is both a challenge and an opportunity. On one hand, the rise of AI has enabled cyber criminals and state sponsored actors to enhance their offensive capabilities.
AI has enabled more realistic phishing attacks as well as more advanced attacks against voice and image recognition technologies of financial institutions. They are also advancing threat actors abilities to identify security vulnerabilities and develop cyber weapons at a much faster pace.
AI use in Egypt remains somewhat limited. Yes, we use the likes of Chat GPT and Deep Seek to get quick answers, assist in research and write code, yet this is not institutionalized.
On the other hand, advancements in AI allows for the development of better and higher quality software leading to fewer vulnerabilities. Utilizing AI enabled security solutions might be the only chance we have to address the talent gap that is emerging in Egypt at the moment.
We simply cannot be left behind in the AI race or our ability to defend our digital assets and national security will degrade exponentially.
FollowICT: And how can the country address these challenges?
Sherif Shaltout: I believe to unlock the potential of AI, Egypt needs to address the following:
1. Provide clear guidance on how local data should be handled by issuing the much delayed executive regulations for the data protection law as well as some for of national data classification guideline that separates data that has to remain in the country and data that can be shared overseas, and under what conditions.
2. Work hard to attract Hyperscalers to set up cloud regions in Egypt by encouraging investments in data center infrastructure and multi carrier connectivity to unlock the compute potential of cloud while addressing national security concerns. Localized regions will enable fast-tracking cloud adoption while taking data residency requirements into consideration.
3. Invest heavily in training and upskilling the Egyptian workforce to raise awareness of the threats associated with proliferation of AI, but also to educate Egyptians on how to also use it enhance cyber defenses and develop secure software.
FollowICT: How can we enhance the people awareness in the country about cyber threats? I mean here the out-of-the-box ideas to deal with rather than media campaigns and so on.
Sherif Shaltout: I believe we need to have a balanced approach when it comes to AI awareness. Yes, there are cyber threats, but there are also cyber security opportunities along with huge productivity and innovation opportunities.
I believe the biggest challenge is that how we upskill the human workforce so that it remains relevant in an age where AI can accomplish many tasks, more accurately, more efficiently and at much bigger scale.
From a cyber security angle, awareness has to start at a very young age in schools and universities.. AI is more complex than to be handled via media campaigns. It is not as simple as not to share their passwords or not to click on links in emails and text messages from unknown sources.
AI represents a fundamental shift in how everything around us works and we need to avoid falling into the trap of scaring people, because the future is going to be AI drive, it will be embedded in the cars we drive, the streaming services we watch and the software we use, and its applications across the various sectors from healthcare to manufacturing to retail are huge.
Awareness has to start with the opportunities and how can we work with AI and must not only focus on threats.
FollowICT: What are the experiences of other countries do you suggests to follow in Egypt in terms of raising the people awareness and also boosting the landscape as a whole?
Sherif Shaltout: Cyber Security Awareness is a challenging subject. Many awareness campaigns focus on raising awareness by focusing on the threats without offering much in the way of solutions or practical steps that people and businesses can adopt.
I believe the banking sector in Egypt has done a good job in addressing issues specific to their industry related to not sharing passwords or personal information, yet more need to done on a national scale.
Raising awareness on a national level would require collaboration between the government, the private sector and the educational sector in order to be effective. The Egyptian Supreme Council for Cyber defense has a huge role to play as the organization with the mandate to coordinate cyber defense on a national level.
If we look at countries like the UK, Austalia and Saudi Arabia, you see national awareness is structured on multiple pillars:
1. Simple guidelines of essential cyber security controls that small business can implement to stay secure. While banks, telcos and critical infrastructure grab the headlines, Small and medium businesses (SMBs) represent almost 45% of the Egypt’s GDP and account for at least 70% of employment. Globally they account for 90% of all businesses. SMBs are part of the supply chain of bigger enterprises.
Because of their limited resources, they remain significantly more vulnerable to cyber threats. They are also becoming increasingly targeted because they are part of the supply chains of bigger organizations.
We see countries like Australia issuing “The Essential Eight” which focus on 8 key controls that small organizations must address to ensure basic hygiene. Similarly UK issued the “Cyber Essentials” and the “10 Steps to Cyber Security” to help smaller organizations focus their efforts on a small number of effective and achievable goals that they can manage and sustain.
2. Collaboration with Schools and Universities to embed cyber security knowledge and training in the school curriculums. It is easier to educate and train children at a young age and develop safe practices into their behavior from a young age than to educate them as adults.
3. Raising awareness regarding who should people and businesses turn to in case of security incident or a security breach. This applies for both individuals and businesses.
In many cases people don’t know what to do and how to seek expert support, which in many cases leave them vulnerable to bad advise or worse further exploitation. Nations have hotlines for citizens and businesses to call and reach out to in case of incident.
This link to national CERTs or specialized units in law enforcement agencies that can provide the necessary guidance to the victims of cyber crime.
4. Run nation wide campaigns during Cyber Awareness Month, which is October of every year. You see coordinated efforts across all industries and government institutions to drive focused campaigns around specific cyber security issues during the month of October of each year in order to raise public awareness.
