Egypt

Cybersecurity in Egypt: A Rapidly Evolving Digital Landscape

Egypt is one of the largest and fastest-growing digital economies in the Middle East and Africa, with over 80 million internet users and a rapidly expanding technology sector. This digital transformation has brought significant economic benefits, but it has also made the country an increasingly attractive target for cybercriminals. With estimated annual cybercrime losses of approximately $4 billion and a cybersecurity market projected to reach $287 million by 2029, Egypt is investing heavily in building its cyber defenses while confronting the unique challenges of securing a large, diverse, and rapidly digitizing population.

Egypt's Cybersecurity Regulatory Framework

Egypt has developed a comprehensive legal and regulatory framework to address cybersecurity and cybercrime, anchored by several key pieces of legislation and government institutions.

The Cybercrimes Law (Law No. 175 of 2018): This foundational legislation criminalizes a wide range of cyber offenses including unauthorized access to information systems, data interference and destruction, identity theft, online fraud, the creation and distribution of malicious software, and attacks against critical information infrastructure. The law establishes penalties ranging from fines to imprisonment, with enhanced penalties for attacks targeting government systems or critical infrastructure. Its executive regulations provide detailed implementation guidance for law enforcement agencies and the judiciary.

The Personal Data Protection Law (Law No. 151 of 2020): Modeled in part on the European Union's GDPR, Egypt's data protection law establishes rules governing the collection, processing, storage, and transfer of personal data. The law requires organizations to obtain consent for data processing, implement appropriate security measures to protect personal information, notify authorities of data breaches, and appoint data protection officers in certain cases. The law applies to data processing activities carried out within Egypt as well as to Egyptian data subjects' information processed abroad, giving it extraterritorial reach.

The National Telecom Regulatory Authority (NTRA): The NTRA serves as Egypt's primary telecommunications regulator and plays a central role in cybersecurity oversight. The authority is responsible for ensuring the security and resilience of telecommunications networks and services across the country. In 2024, the NTRA published a regulatory framework to accredit and license cybersecurity companies, particularly those providing services to the Egyptian government, establishing quality standards and accountability requirements for the cybersecurity industry.

The Supreme Cybersecurity Council: Established under Egypt's National Security Council, the Supreme Cybersecurity Council is responsible for formulating and implementing Egypt's national cybersecurity strategy. The council coordinates cybersecurity policy across government ministries, oversees the protection of critical information infrastructure, and sets strategic priorities for the country's cyber defense posture. The council's work aligns with Egypt's broader Vision 2030 development strategy, which emphasizes digital transformation and ICT development.

Key Cybersecurity Institutions

EG-CERT (Egyptian Computer Emergency Readiness Team): Established by the NTRA, EG-CERT serves as the national incident response center for cybersecurity events affecting Egypt. The team monitors cyber threats, coordinates responses to significant incidents, provides technical assistance to affected organizations, and issues advisories and alerts about emerging threats. EG-CERT also participates in international information sharing networks and cooperates with CERT teams in other countries to track and mitigate cross-border cyber threats.

The Information Technology Industry Development Agency (ITIDA): ITIDA supports the development of Egypt's IT industry, including cybersecurity companies and services. The agency promotes local cybersecurity innovation, supports technology startups, and works to position Egypt as a regional hub for cybersecurity expertise and services.

Sector-Specific Regulators: Beyond the NTRA, sector-specific regulators have issued their own cybersecurity frameworks. The Financial Regulatory Authority has published cybersecurity requirements for financial institutions, while the energy and telecommunications sectors have developed targeted security regulations. This multi-layered approach ensures that critical sectors face appropriate cybersecurity requirements tailored to their specific risk profiles.

Major Cyber Threats Facing Egypt

Egypt's cybersecurity landscape is shaped by its unique position as a major Middle Eastern and African economy with a large, increasingly connected population. Several threat categories are particularly prevalent.

Phishing and Social Engineering: Phishing attacks represent one of the most significant cyber threats in Egypt. Attackers craft messages in Arabic and English that impersonate banks, government agencies, telecommunications providers, and popular e-commerce platforms. The rapid growth of mobile banking and digital payment services in Egypt has created new opportunities for phishing campaigns that target users who may be relatively new to digital financial services. Social engineering attacks exploit trust in authority figures and institutions, making Egyptian users particularly vulnerable to scams that impersonate government officials or well-known companies.

Financial Fraud and Banking Threats: As Egypt's financial sector undergoes digital transformation, cybercriminals have targeted online banking platforms, mobile payment applications, and ATM networks. Malware designed to steal banking credentials, SIM-swapping attacks that bypass SMS-based two-factor authentication, and business email compromise schemes targeting Egyptian businesses have all increased. The Central Bank of Egypt has responded by mandating stronger security controls for financial institutions and promoting cybersecurity awareness among banking customers.

Ransomware: Egyptian organizations, including healthcare facilities, educational institutions, and small-to-medium enterprises, face growing ransomware threats. Many organizations in Egypt still rely on legacy systems and may lack comprehensive backup strategies, making them attractive targets for ransomware operators who know that victims without proper backups are more likely to pay. The combination of rapid digital adoption and varying levels of cybersecurity maturity across different sectors creates an uneven defensive landscape.

Critical Infrastructure Threats: Egypt's critical infrastructure, including its telecommunications networks, power grid, the Suez Canal operations, oil and gas facilities, and transportation systems, faces persistent cyber threats from both criminal actors and state-sponsored groups. The geopolitical significance of Egyptian infrastructure, particularly the Suez Canal through which approximately 12% of global trade passes, makes it a strategic target for adversaries seeking to cause economic disruption.

Mobile Security Threats: With smartphone penetration rapidly increasing across Egypt, mobile-specific threats have become a major concern. Malicious apps distributed through unofficial app stores, SMS-based scams, and mobile malware that targets banking applications are particularly prevalent. The large number of users accessing the internet primarily through mobile devices means that mobile security is a critical component of Egypt's overall cybersecurity posture.

Egypt's Digital Transformation and Cybersecurity

Egypt's Vision 2030 strategy includes ambitious digital transformation goals that intersect directly with cybersecurity. The government has launched several major digitization initiatives including the Digital Egypt platform for government services, the expansion of fiber-optic broadband infrastructure, the development of smart city projects including the New Administrative Capital, and the promotion of fintech and digital banking services. Each of these initiatives requires robust cybersecurity measures to succeed.

The country has also invested in cybersecurity education and workforce development. Egyptian universities have expanded their cybersecurity programs, and the government has partnered with international organizations to provide training and capacity building. Egypt hosts regional cybersecurity conferences and has developed local cybersecurity competitions (Capture the Flag events) to identify and nurture domestic talent. These efforts are critical given the global cybersecurity skills shortage, which affects Egypt just as it affects other nations.

Cybersecurity Awareness for Individuals in Egypt

For the millions of Egyptians who go online every day, basic cybersecurity awareness is essential. Key recommendations include:

• Verify before you trust: Never click on links or download attachments from unexpected messages, whether received by email, SMS, or social media. Verify the sender's identity through an independent channel before responding to any request for personal information or money.
• Protect your accounts: Use strong, unique passwords for each online account and enable two-factor authentication wherever available. Avoid using the same password across multiple services.
• Secure your mobile devices: Only install apps from official app stores (Google Play Store or Apple App Store). Keep your device's operating system and apps updated. Be cautious about granting app permissions, especially for access to contacts, messages, or financial data.
• Be cautious with public Wi-Fi: Avoid accessing banking or sensitive accounts while connected to public Wi-Fi networks. If you must use public Wi-Fi, use a VPN to encrypt your connection.
• Report suspicious activity: Report cybercrime incidents to the appropriate authorities. EG-CERT and law enforcement agencies can investigate and help prevent further victimization.

Relevance for Southern California

Understanding Egypt's cybersecurity landscape is relevant for residents of Orange County, Riverside County, and the broader Southern California region for several reasons. Southern California has a significant Egyptian-American community, and many local businesses maintain trade relationships with Egyptian companies. Cyber-enabled fraud originating from or routed through various countries, including in the Middle East and North Africa region, can target U.S. residents. Additionally, understanding how different countries approach cybersecurity regulation provides valuable context for evaluating global data protection standards and the international regulatory environment that increasingly affects businesses operating across borders.

Free Resources

• National Cyber Security Index - Egypt - Egypt's rankings across cybersecurity preparedness indicators
• ITU Global Cybersecurity Index - International rankings including Egypt's cybersecurity maturity assessment
• CISA Shields Up - U.S. government guidance on protecting against international cyber threats
• ENISA Threat Landscape - European cybersecurity agency's global threat assessment with MENA region coverage
• FBI Internet Crime Complaint Center (IC3) - Report international cyber fraud targeting U.S. residents
• Egypt Data Protection Laws Guide - Comprehensive overview of Egypt's data protection legal framework