As Ethiopia accelerates its national digital transformation, cybersecurity is no longer a secondary concern; it has become a central pillar of sustainable development. The rapid expansion of digital services such as electronic ID systems, mobile payments, online government platforms, and cloud infrastructure has introduced new opportunities but also new risks. The need to protect our digital ecosystem has never been more pressing.

Understanding where Ethiopia stands in terms of cybersecurity readiness is critical not just for policymakers, but for businesses, IT professionals, investors, and the public at large. The recently published Global Cybersecurity Index (GCI) 2024 by the International Telecommunication Union (ITU) provides valuable insights into this landscape. The GCI assesses countries based on five core pillars: Legal Measures, Technical Measures, Organizational Measures, Capacity Development, and Cooperation. Each pillar is scored out of 20, with the total determining a country’s global standing, from Tier 1 (most prepared) to Tier 5 (least prepared).

In the 2024 edition, Ethiopia scored 76.34 out of 100, placing it in Tier 3: “Establishing”. This reflects considerable progress from previous years and places the country among a group of African nations that are building strong cybersecurity foundations yet still have room to mature in both policy and technical execution.

Legal Measures – A Strong Legislative Foundation

In this category, Ethiopia achieved its highest score of 18.80 out of 20, demonstrating significant legislative progress. Between 2020 and 2024, the country improved from a score of 11.56 to 18.80, reflecting ongoing efforts to establish laws that address cybercrime, personal data protection, and digital rights.

Ethiopia’s legal backbone includes Proclamation No. 958/2016 on Computer Crimes, which covers unauthorized access, data interference, hacking, and the spread of malicious software. This law enables law enforcement to investigate and prosecute cybercrimes, especially those that target critical national infrastructure.

Further progress is anticipated through the country’s draft Data Protection Proclamation, which is aligned with global benchmarks such as the EU’s General Data Protection Regulation (GDPR). Once ratified, this legislation will strengthen privacy protections and establish an independent regulatory authority.

Technical Measures – Growing Capability, But Gaps Remain

Ethiopia’s technical measures score rose from 4.46 in 2020 to 14.42 in 2024. This pillar evaluates a country’s ability to detect, respond to, and recover from cyber incidents. While Ethiopia has made considerable gains, much of the technical infrastructure is still in development.
The Information Network Security Administration (INSA) serves as Ethiopia’s national technical lead, managing government system security and cyber incident response. While INSA has improved oversight, the country still lacks a fully operational multi-sectoral Computer Emergency Response Team (CERT) that extends beyond the public sector.

Furthermore, cybersecurity standards and risk management protocols are not yet uniformly applied across key sectors such as banking, healthcare, and telecommunications. This inconsistency limits the country’s ability to respond cohesively to large-scale threats. However, enhanced monitoring capabilities and growing technical expertise point toward continued progress.

Organizational Measures – Strategy in Place, Execution in Progress

Under organizational measures, Ethiopia’s score increased from 8.03 in 2020 to 12.10 in 2024. This pillar focuses on strategic direction and governance specifically, whether a country has developed a national cybersecurity strategy and established coordination mechanisms.
Ethiopia adopted its National Cybersecurity Strategy (2021–2025), which outlines goals related to infrastructure protection, digital trust, data governance, and stakeholder engagement. However, execution has been uneven. Operational responsibility largely rests with INSA, and there is currently no independent national cybersecurity coordination body. Additionally, a clear framework to monitor and evaluate progress remains absent. Addressing these structural limitations is essential for turning strategy into impact.

Capacity Development – Building Human Capital and Awareness

Perhaps the most encouraging sign of growth lies in Ethiopia’s investment in talent and awareness. The country’s score under capacity development jumped from 3.69 in 2020 to 15.34 in 2024.

Universities across Ethiopia have introduced specialized cybersecurity degree programs at both undergraduate and postgraduate levels. Government institutions like INSA also provide short-term training and certifications for public sector professionals.

Despite these efforts, the private sector still faces a shortage of qualified cybersecurity professionals. Cyber literacy remains low in many schools and public institutions. While collaborations with international donors and private partners have begun to fill some of these gaps, a comprehensive national policy to scale training and education is urgently needed.

Cooperation – Encouraging Progress, But Still to Be Institutionalized

On the cooperation front, Ethiopia has made one of its most dramatic improvements, moving from 0.00 in 2020 to 15.68 in 2024. This pillar assesses both international engagement and domestic collaboration between government, industry, academia, and civil society.

Ethiopia is a signatory to the African Union’s Malabo Convention, a regional treaty covering cybersecurity, electronic transactions, and data protection. However, the treaty has not yet been ratified, which is a critical step toward aligning with regional and continental standards.

While INSA has initiated bilateral cyber dialogues, Ethiopia still lacks a formalized national mechanism for public-private collaboration, joint cyber incident response planning, and threat intelligence sharing. Strengthening these institutional linkages is essential to improve national cyber resilience and to foster trust among stakeholders.

Laying the Groundwork for Cyber Sovereignty

Ethiopia has made notable progress in strengthening its cybersecurity framework, with its Global Cybersecurity Index (GCI) score increasing from 27.74 in 2020 to 76.34 in 2024. This improvement reflects efforts across several key areas, including legal reform, institutional development, technical upgrades, and skills development. However, further action is needed to reach a higher level of preparedness.

While Ethiopia has established a strong legal foundation, ensuring consistent enforcement and keeping legislation up to date with new threats remains important. There is also a need to harmonize cybersecurity practices across different sectors. Standardized policies, regular risk assessments, and stronger security controls can help create a more cohesive national approach.

In terms of international cooperation, Ethiopia has taken positive steps but should deepen its engagement by ratifying key conventions, participating in structured information-sharing initiatives, and taking part in joint preparedness exercises. Technically, continued investment is required in infrastructure, security technologies, and incident response systems to improve readiness and resilience.

Workforce development should also remain a priority. Expanding cybersecurity education and training opportunities, supporting research, and encouraging partnerships between universities, government, and private organizations can help meet the growing demand for skilled professionals. In parallel, improving cybersecurity awareness across the public and private sectors will help reduce risks and support safer digital practices.

Lastly, maintaining cybersecurity requires regular review and adjustment. Monitoring emerging risks, updating systems and policies, and staying current with global developments will be essential to protecting Ethiopia’s digital infrastructure. With a clear focus on implementation and collaboration, the country can continue strengthening its national cybersecurity capacity.