On the sidelines of the Cyber Africa Forum 2025, ASIN presented its first-ever report on vulnerabilities and incidents in Benin’s cyberspace on June 25, 2025. The presentation session was co-hosted by ASIN Director General Marc-André LOKO and CNIN Director General Ouanilo MEDEGAN FAGLA.
Digital transformation in Benin exposes cyberspace to increasing risks. This report, covering the period 2021-2024, analyzes the vulnerabilities and incidents identified in public institutions and critical infrastructure operators (CIOIs).
For Marc-André LOKO, Director General of ASIN, cybersecurity is an area that must continue to be modernized. He emphasized that Information Systems Security Managers (ISSMs) are no longer mere collaborators of IT departments, but essential pillars of digital governance.
According to Ouanilo MEDEGAN FAGLA, Director General of the National Center for Digital Investigations (CNIN), the report aims to raise awareness, guide cybersecurity policies and propose recommendations to strengthen the security of information systems.
Between 2021 and 2024, 878 vulnerabilities were identified: 30% low risk, 23% moderate, 24% high, 23% critical. Critical vulnerabilities include:
- Broken Access Control (41 cases): unauthorized access.
- Sensitive Information Disclosure (26 cases): leak of sensitive data.
- Broken Authentication (24 cases): authentication flaws.
- Remote Code Execution (RCE) (23 cases): remote code execution.
- SQL Injection (18 cases): database manipulation.
The most affected sectors are Public Services (326 cases), Finance (155 cases), and Digital (117 cases). The main causes include misconfiguration of security settings (296 occurrences) and inadequate management of roles and permissions (142 occurrences).
832 password breaches were recorded, mainly in the Finance (406 cases) and Public Service (226 cases) sectors. The most frequent incidents include:
• Malware Infection (23 cases).
• Website Hacking (12 cases).
• Botnets (7 cases). Causes include the use of outdated software, lack of awareness, and lack of security patches.
Audits reveal significant gaps in the implementation of the State Information Systems Security Policy (PSSIE). Compliance rates range from 6% to 87%, with gaps in governance, asset management, network security, and staff awareness.
Source: www.asin.bj
