
Mastercard has launched a new cybersecurity initiative for Africa. The first two countries getting it are South Africa and Nigeria. Kenya is not on the list yet.
The initiative is called the Africa Cybersecurity Centre of Excellence. Mastercard announced it on 28 June 2026, during a trip to Johannesburg and Abuja by global CEO Michael Miebach. South Africa’s President Cyril Ramaphosa and Nigeria’s President Bola Ahmed Tinubu both appeared alongside Mastercard to back the launch. The company says the idea grew out of earlier talks with both governments. Those talks happened partly around last year’s G20 summit in Johannesburg, the first time the G20 ever met on African soil.
“Africa is dynamic, fast-growing, and ready to scale its digital future,” Miebach said at the launch. “That won’t happen without trust. People don’t use what they don’t trust.” Ramaphosa called it “a welcome step” drawing on “the country’s best and brightest.” Tinubu described secure systems as “critical to inclusion and growth” as Nigeria deepens its digital transformation.
What the Centre actually does
Strip away the corporate language and this is a shared defence system. Banks, government agencies and large businesses that join get three things. First, threat intelligence: early warning about attackers currently active in the region. Second, regular checks on how exposed their own systems are. Third, a forum where security teams compare notes with counterparts elsewhere. Mastercard says it will assess cyber risk across up to 50 organisations in South Africa and Nigeria during the Centre’s first year. It also plans regular practice drills, so organisations are ready before a real attack hits, not scrambling once one starts.
The intelligence behind all this comes from Recorded Future. It’s a firm that scans the open internet and the dark web around the clock. (The dark web is the part of the internet not indexed by normal search engines, often used to trade stolen data.) It looks for warning signs like leaked credentials or chatter about planned attacks. Mastercard is not a neutral bystander here. It bought Recorded Future outright for $2.65 billion, a deal completed in December 2024. Cybersecurity has since become a business of its own for Mastercard, not just overhead. The company says it has put more than $12.6 billion into cybersecurity innovation since 2018, and backed more than 20 cybersecurity-focused startups.
Make tech-ish your favourite news source
Star tech-ish.com on Google. We move up your daily feed.
Why now
Two trends explain the timing. The first is growth. Mastercard’s own projection, from a 2025 commissioned study, puts Africa’s digital economy at $1.5 trillion by 2030. The second is risk. Mastercard estimates only around 35% of cyber incidents on the continent get officially reported. Partly that’s because many organisations lack the tools to detect an attack at all. Partly it’s because some would rather not disclose one publicly. Either way, the true scale is almost certainly worse than any official count shows.
Mastercard names South Africa as the continent’s most targeted market. It says the country accounts for roughly 29% of Africa’s ransomware attacks, where criminals lock up a victim’s data and demand payment to unlock it. It also accounts for about 40% of Africa’s phishing attempts, meaning fake messages designed to trick someone into handing over passwords or financial details. Nigeria, Mastercard says, ranks among the countries worst hit by ransomware and dark web activity.
Independent research backs the broad picture, even where exact figures differ. INTERPOL’s most recent Africa Cyberthreat Assessment found that cyber incidents cost the continent more than $3 billion between 2019 and 2025. It also found that South Africa recorded roughly 17,850 ransomware detections in 2024, using Trend Micro data. That was the highest of any African country that year.
There is a business logic sitting under the public-good framing too. Mastercard built its business on a small fee every time someone swiped a card. It’s now positioning itself to also earn money making sure that swipe isn’t the moment a fraudster gets in. That shift mirrors moves Visa has made too.
Where Kenya fits, for now
Kenya’s absence from phase one is worth noting, given how central the country is to East African fintech. We’ve talked about Kenya being left out in certain stuff.Β We already flaggedΒ when Apple brought Tap to Pay to South Africa in May. Kenyan merchants are still waiting on the local bank and network partnerships that the feature still needs. Mastercard hasn’t said which market comes next, or what Kenya would need for inclusion.
That doesn’t mean Kenyan cybersecurity is standing still, or that Mastercard is absent locally. Kenya’s National KE-CIRT/CC, run by the Communications Authority of Kenya, detected more than 3.3 billion cyber threat events between January and March 2026 alone. Kenya also recorded just over 3,000 ransomware detections in 2024, in the same Trend Micro dataset that ranked South Africa first. Mastercard already runs separate initiatives with Kenyan partners like Safaricom on payments and remittances, too.
What phase one confirms is narrower than a total absence. The specific threat intelligence feed, joint risk assessments and executive-level collaboration under this particular Centre are, for now, a South Africa and Nigeria product.
Anyone in Kenya’s banking or fintech sector wanting to know if that changes should watch Mastercard’s future Africa announcements directly. Don’t assume the rollout widens automatically. The Centre is described as multi-year and phased, which leaves room for other markets. But Mastercard has committed to no timeline, and named no next country.






Join the discussion