Rabat — Artificial intelligence is now the top cybersecurity concern for Moroccan organizations, overtaking cloud-related risks. This is one of the key takeaways from the 2025 “Ausimètre” report, conducted by the Moroccan Association of Information Systems Users (AUSIM) in partnership with PwC.
The annual survey reveals a growing sense of unease around AI-driven threats, with one in three companies saying AI has increased their attack surface. Targeted attacks like deepfakes, AI-generated phishing, and self-morphing malware are putting pressure on security teams across sectors.
Yet, many organizations are still playing catch-up.
- 42% of businesses say they don’t have internal policies guiding the use of generative AI.
- Another 42% admit employees haven’t been trained to use it safely.
- And 36% reveal that staff are using AI tools without any supervision at all.
A senior cybersecurity official in Morocco didn’t mince words: “Without strict governance, AI becomes a significant vulnerability.”
Security maturity still lags
The report also highlights another major challenge: investment. A third of Moroccan companies are still operating at the most basic level of cybersecurity maturity, with tight budgets limiting their ability to respond to increasingly advanced attacks.
This funding gap is also slowing down the secure adoption of other emerging technologies like blockchain, robotics, and virtual reality—many of which remain under-protected in enterprise environments.
Global vs. local response
Globally, cybersecurity leaders are responding.
- 67% acknowledge the risks posed by AI.
- 78% have increased their security budgets to keep up.
In Morocco, only 18% of surveyed companies have made similar budget adjustments.
Cloud security is also flagged as a weak spot. Many businesses lack clear responsibilities, strong contractual protections, and robust disaster recovery plans.
Cautious optimism on AI’s potential
Still, not all the news is grim. Around 60% of Moroccan businesses plan to adopt AI for better threat detection, log analysis, and security operations.
Experts say that’s a step in the right direction — but without solid policies, strong leadership, and a deeper commitment to security governance, these ambitions might fall short.
Leave a Reply