Protecting Mozambique’s digital future: Cyber resilience for jobs, trust, and growth
Protecting Mozambique’s digital future: Cyber resilience for jobs, trust, and growth
Publish Date: 2026-05-20 17:44:00
Source Domain: blogs.worldbank.org
Using an unordered list, summarize the following article with between 4 and 8 key points.
On a hot afternoon in 2018, hospitals, schools, hotels, and small businesses across Mozambique suddenly found themselves unable to process electronic payments. Patients could not pay doctor fees, parents could not settle school charges, motorists could not purchase fuel, and travelers both in-country and abroad were left unable to pay their bills. The cause was not a power outage nor maintenance, but a system-wide failure of the country’s national payment system, SIMORede.
The blackout was triggered unexpectedly by a licensing dispute with the system’s software provider. Although not malicious, the incident exposed a critical and often overlooked dimension of cybersecurity and digital resilience—the dependence of essential services on external vendors and contractual agreements. When these relationships break, they can compromise the availability of critical digital infrastructure just as severely as a cyberattack.
The incident highlighted a core principle of cybersecurity: the CIA triad—confidentiality, integrity (accuracy and reliability), and availability. Here, the loss of availability alone was enough to generate widespread social and economic disruption. In fragility, conflict, and violence (FCV) settings such as Mozambique, where alternatives are limited, and trust in institutions is fragile, such disruptions are especially consequential. They affect services and firms, workers, and students who depend on digital systems for their jobs and education.
When we began working with Mozambique to strengthen the safety and reliability of its digital systems, we were reminded that cyber resilience directly affects people’s daily lives and economic opportunities. For youth in cities, it can mean the difference between keeping an online job, losing income to fraud, or being shut out of digital education. For families in rural villages, it determines whether mobile money transfers, public services, or basic health care remain available. Digital disruptions can, therefore, carry outsized social and economic consequences and underscore why Mozambique’s digital ambitions must advance hand in hand with cyber resilience.
With World Bank support the Mozambique Digital Acceleration Project (MDAP) is accelerating connectivity and digital transformation and over the next three years aims to:
connect 300 previously uncovered localities;
provide 5.2 million people with new or improved broadband access; and
enable 1,000 educational institutions to use digital technologies to improve learning outcomes.
These are ambitious goals, particularly in an FCV setting. They also speak directly to the jobs agenda. Expanding digital access helps young people build skills, small businesses reach customers, support entrepreneurs, improve service delivery, and create the foundations for a more inclusive digital economy. But for these gains to translate into jobs and better livelihoods, people and firms must be able to trust the systems they use.
More people online means more exposure to risks, such as cyber incidents, service disruptions, fraud, and loss of trust. Consequently, the Government of Mozambique allocated $11 million specifically for cybersecurity and in an FCV context, this represents a meaningful commitment—not to copy-paste models from high-income countries, but to lay the foundations for essential institutions, skills, and incident-response capacity. A key lesson: achieving digital resilience in FCV countries depends as much on prioritization and sequencing as on the volume of cybersecurity investments.
One of the most pragmatic choices Mozambique has made is to keep cybersecurity governance simple and build on existing institutions. The government expanded the mandate of the National Institute of Information and Communication Technologies (INTIC), the ICT regulatory authority, to coordinate cybersecurity policy. Sector regulators—telecoms, finance, energy, and others—retain supervisory responsibilities within their domains. A national Computer Security Incident Response Team (CSIRT) has been established within INTIC and is guiding the emergence of sectoral CSIRTs. From our perspective, this incremental approach of pooling expertise, avoiding duplication, and relying on cooperation rather than heavy structures, is well-suited to an FCV context.
Mozambique’s explicit embrace of prioritization has also been important. Even with unlimited resources, no country can protect everything equally. The country is therefore mapping Critical Information Infrastructure (CII) and conducting business-impact and risk assessments to identify the “hard kernel” of assets with the greatest national consequences in the event of failure. Compliance will begin with the minimum, tiered baseline, expanding outward as capacity grows. This bottom-up, risk-oriented sequencing makes each dollar count and aligns with the pending legal framework that will designate CII operators and proportionate obligations. In FCV settings, resilience often stems less from scale than from sequencing, coordination, and trust- both across institutions and with operators. These are also the conditions that allow digital systems to support jobs and growth: businesses need reliable platforms, workers need secure access to digital tools, and citizens need confidence that essential services will function when they need them most.
Mozambique is also drawing on the World Bank’s Multi-Donor Cybersecurity Trust Fund to access expertise and accelerate progress. Through this support, the government has worked with the global Forum of Incident Response and Security Teams (FIRST) on incident-management governance and has integrated its national CSIRT into FIRST’s Suguru Yamaguchi Fellowship Program. Regionally, Mozambique has also hosted cyber drills with AfricaCERT. The results so far are encouraging. Mozambique’s score on the ITU Global Cybersecurity Index rose from 24.18 in 2020 to 66.1 in 2024, placing it above many FCV peers and the African average (57/100).
Following Parliament’s unanimous approval of the Cybersecurity Law in April 2026, the next phase– further operationalizing sectoral incident-response, and enforcing compliance– will require sustained focus, coordination, and financing. For policymakers working in FCV contexts, Mozambique’s experience shows that credible cyber resilience can be built through simplicity, prioritization, and trust.
Read more: Digital First Responders
