Cybersecurity market in Morocco

Economic context

Lying in Northwest Africa, a mere 15 km from Europe, the Kingdom of Morocco ranks as an emerging economy.  Morocco’s economy grew at a rate of 2.5 % in 2019 Footnote 1.  Morocco is home to a population of 36 million.  The two main drivers of GDP per capita are agricultural sector performance and value added from nonagricultural activities.  It grew from $2,000 in 2001 to over $3,400 in 2019.

Morocco maintains free trade agreements with some countries including the European Union, its largest trading partner. Morocco and the European Union signed an association agreement in 1996.  Morocco also has free trade agreements (FTAs) with the United States, European Free Trade Association states, Turkey and the United Arab Emirates. Morocco is also a member of the Agadir Group, an Arab free trade area comprising Egypt, Jordan and Tunisia.  Canada and Morocco enjoy well-established trade relations. Bilateral trade amounted to CAD 916 million in 2019.  In the context of South-South cooperation as heralded by Morocco, some Moroccan firms have successfully established operations in Africa over the past decade. Telecommunications ranks just behind banking and insurance in terms of African investment, with a presence in 10 sub-Saharan countries.

2019 Foreign Direct Investment (FDI) stock to Morocco reached USD 66 billion, a USD 20 billion increase over 2010 levels. Manufacturing accounts for the largest share of FDI flows, along with real estate, telecommunications, tourism, and energy Footnote 2.  In 2018, Quantum Global's research laboratory ranked Morocco as Africa's most attractive country for foreign investment Footnote 3.  In terms of business environment, Morocco ranks 53rd out of 190 countries on the World Bank's Doing Business 2020 report, up seven spots from the previous year.

Information and Communication Technology (ICT) sector overview

With an internet user penetration rate of 74% in 2019, Morocco is the most connected country in Africa. This is according to the International Telecommunication Union's report on global telecommunications development Footnote 4. Morocco has also embarked on its fourth industrial revolution. It‘s one of only five countries in Africa to host over half of Africa's technology centers, namely South Africa, Kenya, Nigeria and Egypt.

In December 2019, Morocco joined the Smart Africa Alliance, comprising some 30 member-countries, accounting for over 750 million people. The Alliance has a vision of creating a single digital market in Africa by 2030. It brings together heads of state seeking to speed up Africa’s digitalization and to create a common market. 

With an estimated CAD 4.6 billion in market size and 60,000 employees, the ICT sector is growing rapidly. Morocco's goal is to increase ICT sector contribution from 3% to 11% of GDP, creating 125,000 new jobs Footnote 5.

In December 2017, Morocco created the Agency for Digital Development (ADD) to carry out the government's digital development strategy. The ADD introduced the General Guidelines Note for Digital Development by 2025, replacing the Digital Morocco 2020 plan. The new Note defines three main objectives:

The World Bank (WB) granted Morocco a USD 700 million loan in February 2019 to speed up Morocco's digital transformation.  In July 2020, WB approved USD 500 million in funding in support of policy reforms needed to create an enabling environment for digital transformation Footnote 6.

Morocco's cybersecurity sector

A Kaspersky study ranks Morocco 34th worldwide in terms of countries targeted by cyber threats. The study also ranked Morocco 3rd on attacks against industrial control systems Footnote 7.

General trends and legal framework

Cybersecurity Maturity Levels in Morocco

The 2018 International Telecommunication Union (ITU) Cybersecurity Index ranks Morocco 97th out of 197 countries. This ranking is based on five key cybersecurity criteria:

Morocco's cybersecurity dashboard

Key cybersecurity criteriaCriteria level
Cybercrime legislationHigh
Cybersecurity legislationHigh
Cybersecurity trainingHigh
CERT/CIRT/CIRT GovernmentalHigh
Standards for organizationsHigh
Standards for ProfessionalsHigh
Online Child ProtectionLow
Organizational responsibilityHigh
Cybersecurity indicatorsLow
Capacity buildingMedium
Standards DevelopmentMedium
Cybersecurity best practicesHigh
Research and development programMedium
Public awareness campaignsHigh
Vocational Training CoursesMedium
Educational ProgramsMedium
Incentive mechanismsLow
Domestic industryLow
Bilateral agreementsMedium
Multilateral agreementsHigh
International CommitmentHigh
Public-private partnershipsLow
Inter-organizational partnershipsLow
Global indexMedium

Source: ITU, Global Cybersecurity Index 2017 -

Despite indicators, and while specific vulnerabilities stay at sectoral CERT levels and in online child protection, global experts recognize Morocco's excellence in legal and technical matters. Cognizant of its cyber-attack exposure risks, Morocco has in recent years committed to enhancing its information systems security capacities.

Morocco's goal to improve its cybersecurity performance transpires in the February 2014 approval of the Budapest Convention on Cybercrime. Morocco also took part in the March 2018 CyberSouth initiative. This initiative is a European cooperation project to combat cybercrime on its southern flank.

The legal and regulatory environment

The Moroccan penal code was strengthened in November 2003 by Law 07-03 defining computer piracy. In February 2009, legislators tackled privacy protection with Law 09-08. It established a National Commission for the Protection of Personal Data (CNDP). Since then, companies that collect personal data must inform and secure the consent of those involved.

Furthermore, the National Defense Administration set up a General Directorate of Information Systems Security (DGSSI). The DGSSI would draft the National Directive on Information Systems Security (DNSSI). Published in December 2013, this directive outlines relevant organizational and technical security measures for public administrations and organizations, as well as vital infrastructures Footnote 8.

In July 2020, the House of Representatives passed Law 05-20 on cyber security.  Under this law, the government can exercise, via the National Cybersecurity Agency, the power to control and protect computer systems and data of both public and private institutions.  Two institutions will be created to this end:

The Act directly impacts companies providing digital services or using computer data.  These companies must now follow international cybersecurity best practices (develop a cybersecurity plan, classify information assets, conduct regular audits, etc.). They must also appoint an Information Systems Security Officer (ISSO) as the official interlocutor with the National Cybersecurity Authority. Further, companies exposed to a cyber-attack must immediately notify the Authority, failing which sanctions are applicable.

The State is directly involved in the security effort through the Moroccan Center for Alert and Management of Computer Incidents (maCERT). maCERT is overseen by the DGSSI. It’s developed in cooperation with South Korea and started in January 2011. It’s the center for monitoring, detecting and responding to computer attacks.  When a critical infrastructure falls victim to an attack, it must report all critical incident data affecting the security or operation of its information systems to maCERT within 48 hours.  These new legal responsibilities imposed on businesses are likely to create increased demand for cyber security goods and services.

Key players

The cybersecurity offering in Morocco features strong international presence including:

Global professional services firms are also present, like Deloitte Morocco and KPMG International, which offer their own cybersecurity services.

The Moroccan market also includes medium-sized players, including:

Foreign software publishers

IT security is a big market segment for leading software publishers present in Morocco.  Some fifteen multinationals, in partnership with local companies, share the market.  Arbor Networks is also present alongside already stated players such as Fortinet, Symantec, Bitdefender, Kaspersky Lab, Palo Alto Networks. As is Japanese cybersecurity software firm Trend Micro, present via Config Maroc (in French only), its local IT products and services distributor. Swiss cybersecurity publisher Oxial, also set-up an office in Morocco to service the African market. Its software enables to rapidly identify people-related risks.

Kaspersky Lab, for example, has been present in Morocco for 15 years, servicing the North Africa region from there.  Kaspersky Lab also works with IT integrators and companies using cybersecurity solutions.

Telecommunication operators

Telecom operators also offer integrated solutions. Two of the three major telecom operators stand out in particular.

Moroccan Cybersecurity Firms

Integrators and consulting firms have emerged in recent years.  Some are IT firms that have incorporated a cybersecurity component.  Most of these firms are however, still tied to their original industry and can hardly be considered full-fledged cybersecurity players. We shall focus here on those that have invested significantly in cybersecurity and acquired specific expertise.


Founded in 2009, Dataprotect has 150 employees and provides a full range of services from consulting, information management, integration and training to infrastructure monitoring through its 24/7 SOC. Dataprotect is PCI QSA accredited in Morocco by the Payment Card Industry Security Standards Council consortium for PCI DSS and PA DSS certifications. Dataprotect is active throughout French-speaking Africa and operates an office in Paris.

LMPS Group

Founded in 2007, LMPS Group offers cybersecurity services to the industrial sector and automotive in particular.  The company strives to be an ISO27001 certified "One-Stop-Cybersecurity Shop", including a CyberSOC (an Intelligent Cybersecurity Supervision Center). The company is present in some fifteen countries across Africa and Europe.

M-Secure IT

M-SecureIT (in French only) is an IT security and infrastructure and application administration specialist. It offers a 24/7 administration center and experts both in France and Morocco. Official representative and silver partner of Fortinet in Morocco.


Nearsecure is an Audit Service Provider for the Security of Sensitive Information Systems of Critical Infrastructures (PASSI) certified by the DGSSI. Nearsecure signed an agreement in November 2020 with French software publisher Nucleon Security.

The cybersecurity market

A 2018 study of Morocco’s cybersecurity market, by the Association of Moroccan Information Systems Users (AUSIM), indicates that an overwhelming majority of companies recognize the importance of cybersecurity, but that resources allocated remain inadequate.  The same study, focusing on large tertiary sector companies, found that:

While over three-quarters of organizations have conducted a cybersecurity audit, the majority have done so only once. However, to be effective, an audit should be regularly repeated. The same goes for cyber-attack simulations. 63% have already carried out a simulation, but only a minority do so on a regular basis.  Almost all organizations deployed security solutions (antivirus, firewall etc.), but 39% still fail to protect their data (encryption, anonymization, etc.).

Moreover, only 31% of organizations report having suffered cyber-attacks, compared to 80% in Europe.  This is likely the result of weak intrusion detection means.  The two most often detected types of incidents are virus attacks and ransom demands.

Cybersecurity is rarely a priority for senior management. As such, a gap exists between top management and those responsible for cybersecurity. Those responsible for cybersecurity face weak IT risk recognition in their organizations.

Business opportunities

Law 05-20 on cybersecurity aims to make large corporations' information systems, telecommunications networks and sensitive data as secure as possible. The Act provides for fines of up to CAD 57,000, with the possibility of harsher penalties in case of repeat offense Footnote 9.

The Covid-19 pandemic compelled companies to speed up digitization and dematerialization processes, thereby facing increased exposure to cyber-attacks.  Pandemic consequences joint with new legal constraints force companies to get the means needed to ensure information systems security. 

Furthermore, Law 05-20 says that "sensitive data must be hosted exclusively on the national territory".  Thus fostering the expansion of the so far undeveloped Moroccan cloud computing industry. Offers are quickly multiplying, initially by telecom operators (Cloud inwi Business and Maroc Telecom) as well as IT firms such as N+ONE, Medafrica Systems and Cloud VPS.  As cloud platforms increase the need for cybersecurity, new Moroccan law opens up broad expansion opportunities for the cybersecurity industry.

Finally, as noted above, the Moroccan government supports private sector involvement in IT training through public-private partnerships (PPP).  Industry associations play a key role in the development of PPPs. This is showed by many initiatives launched by the likes of:

Some multinational companies are involved in projects with universities and other higher education institutions. This includes initiatives by IBM, Huawei, Orange, etc.

The financial sector

The financial sector has become both modern and efficient in just a few years. It’s a major market segment for cybersecurity in Morocco. Improved regulatory framework and compliance with international standards have raised Morocco's financial sector to one of the most efficient in Africa.  The banking rate thus improved to 78% Footnote 10.

The two main characteristics of Morocco's banking sector today are:

Three banks lead this International diversification drive:

The three financial institutions cover some 25 African countries, mainly in West and Central Africa.

Market access strategies

Partnerships or strategic alliances with existing firms form one market access avenue.  This may be an IT firm looking to merge its security footprint. It may also be a cybersecurity firm looking to gain international reach.  In both cases, it’s important to favor win-win solutions based on complementarity.

An important example is the partnership between Romanian cybersecurity publishing multinational Bitdefender and Moroccan firm Disty Technologies. Disty Technologies is a major IT distributor in Morocco with 2,500 sales outlets.  By joining forces with Disty Technologies in January 2020, the Romanian publisher now has access to a first-class distribution network in Morocco.  Conversely, Disty Technologies gained enhanced credibility for its cybersecurity offer.

Insufficient qualified human resources and the government's determination to increase the number of IT and cybersecurity experts underscores the importance of training, which presents some opportunities. Canadian companies and educational institutions can offer services either directly or with local partners. These services are in professional development and certification programs, as well as continuing education.

Other business opportunities include accelerating the digitization of business processes and to diversifying the banking sector internationally. It also includes the E-Gov project, which aims to process 50% of administrative applications online.

Events in Morocco

Les Assises de l’AUSIM – AUSIM Sessions  (in French only)

A three-day event including roundtables, theme-based workshops and networking.

The Cybersecurity Forum

The Cybersecurity Forum taking place annually in Marrakech brings together African IT security decision-makers with interested publishers and manufacturers.  Held in the form of B2B meetings, conferences and workshops.  The next edition is scheduled for June 2021.  

African Security Exhibition & Conference (ASEC EXPO)

Launched in 2019, the ASEC-EXPO exhibition showcases technological solutions across the security spectrum.  It includes a platform for meetings, conferences and workshops. There’s no information on upcoming dates.

Africa IT Expo (Aitex)

Hosted by the Federation of Information Technology, Telecommunications and Offshoring (Apebi), AITEX provides clients with a global platform for IT services and products in Africa. It also promotes sectoral development and innovative solutions on the continental level.  There’s no information on upcoming dates.  

Les rendez-vous de l’AUSIM – AUSIM appointments (in French only)

One-hour or so webinars held irregularly on IT-related topics.

Useful websites

Date Modified: