Hicham Chiguer: «The ecosystem is under construction in the face of a changing threat »

As the digitalization of economic sectors accelerates, the issue of cybersecurity is becoming a major strategic challenge. What is Morocco’s real maturity in the face of increasingly sophisticated threats?

How is the ecosystem structured to support this digital transformation securely? The point of view of the president of the Association of Information Systems Users (AUSIM).

At a time when digitalization is accelerating in all sectors, what is Morocco’s true maturity in cybersecurity?

Morocco has made notable progress in digital transformation, but cybersecurity maturity remains heterogeneous depending on sectors and the size of organizations.

According to the Ausimètre 2024 (the cybersecurity barometer in Morocco in its first edition, a national survey led by AUSIM in partnership with PwC), awareness of cyber risk is real and growing. 90% of companies surveyed rank cyber risks as their number one priority for 2024.

Nevertheless, this maturity still faces challenges, such as rationalizing investments, the shortage of qualified talent, and integrating cybersecurity into the strategic governance of companies.

How are company and citizen data protected against a growing cyber threat?

Morocco has established a robust regulatory framework: Law 09-08 on the protection of personal data, Law 05-20 on cybersecurity, and the National Directive on Information Systems Security (DNSSI). Despite this, the country remains the most targeted in Africa by banking Trojan horses and the second by ransomware according to Interpol.

Data protection thus relies on a triptych: governance, technology, and training/awareness. While some companies are already implementing post-attack reconstruction plans, the urgency remains to generalize awareness and anticipation.

The Moroccan cybersecurity sector is undergoing significant change. What is its current size? And what growth prospects does it outline in this context of widespread digitization?

The sector is still young but growing rapidly. Morocco has national champions known and recognized by the DGSSI, Moroccan official bodies, mature companies in cybersecurity, which also operate internationally.

The potential for skills in this area is promising. We certainly need more volume to meet the needs of companies and professionals in the sector. There is a trend of increasing IT security budgets.

This trend should intensify with the emergence of GenAI, hybrid Cloud, and managed services. Outsourcing cybersecurity services, now a reality, illustrates the rise of the Moroccan market, which is beginning to integrate into regional and international value chains.

Unfortunately, numerical data remain scarce and companies are very discreet on this subject, for obvious confidentiality reasons. Nevertheless, the sector’s growth can be estimated by the number of players. Twenty years ago, barely a dozen companies operated in cybersecurity.

Today, there are more than a hundred, active at different levels, and some created by Moroccans from the diaspora even develop their own solutions.

What are the most striking lessons from the latest cybersecurity barometer published by AUSIM?

Several strong signals emerge. Cyber risk is now recognized as the main risk to be addressed by Moroccan leaders. Data breaches are the most feared consequence ahead of reputational damage.

Cyber investments continue, but an increased demand for efficiency and return on investment is beginning to emerge. The need for specialized talent is glaring: 96% of companies consider skills development crucial.

Finally, the integration of cyber resilience is becoming a strategic objective beyond simple protection.

Faced with international giants, do Moroccan start-ups have a place to take in cybersecurity? Is the ecosystem open and dynamic enough for these young companies?

Yes, without a doubt. The Moroccan environment is structuring itself to allow the emergence of a network of local start-ups. Initiatives are emerging around sovereign cybersecurity, risk analysis, and advanced detection.

The challenge? Accessing public and private markets, forging strategic partnerships, and enhancing the attractiveness of cyber careers among young talent. Synergy between large groups, public bodies, and young companies is essential to build sustainable digital sovereignty.

On our side, AUSIM has established 4 Ausmose Clubs to strengthen our exchanges and best practices around 4 essential themes chosen by our members: cybersecurity, Cloud, AI, and company-startup relations.

We work to demystify concepts, bring trends and best practices closer to the community, share scientific content through white papers, barometers, webinars, and physical events, and connect members for better experience feedback. The reveal of the second edition of the cybersecurity barometer in Morocco will be unveiled on May 15.

Finally, you mentioned the skills deficit. Should more people be trained?

We have excellent profiles and a promising talent pool. But it is clear that we must continue to invest in training. Needs are enormous and demand is growing faster than supply.

We must not only strengthen existing curricula but also promote bridges between universities, engineering schools, and the professional world.