Rabat – Artificial intelligence has become the leading cybersecurity concern for Moroccan organizations, surpassing even cloud-related risks, according to the 2025 “Ausimètre” report. 

Conducted by the Moroccan Association of Information Systems Users (AUSIM) in collaboration with PwC, the annual survey paints a concerning picture of a cybersecurity landscape increasingly shaped by advanced and sophisticated threats.

One in three companies reported that the integration of AI has expanded their attack surface, with many citing targeted and automated attacks such as machine learning-powered phishing, deepfakes, and polymorphic malware. 

Despite these risks, 42% of surveyed organizations acknowledged lacking internal policies to regulate the use of generative AI, while another 42% admitted to not providing sufficient employee training in its use. Alarmingly, 36% said their staff use these tools without supervision, raising fears of data breaches and malicious exploitation.

A Moroccan cybersecurity official described the situation as critical, warning that “without strict governance, AI becomes a significant vulnerability.”

As organizations confront these new threats, many are turning to Zero Trust strategies to manage access control and limit potential breaches.

The survey found that more than half of the respondents prioritize employee awareness as their primary line of defense, followed by identity and access management and broader security governance. These findings suggest a growing understanding that cybersecurity must go beyond technology and become a part of organizational culture.

Read also: Transparency Maroc: CNSS Data Breach Exposes Critical Flaws in Morocco’s Cybersecurity

A major hurdle remains, however: investment. A third of Moroccan companies are still operating at a basic level of cybersecurity maturity, with limited budgets hindering their ability to respond to increasingly complex attacks. 

This underinvestment is also affecting the secure adoption of emerging technologies such as blockchain, robotics, and virtual reality, which remain largely unprotected in many organizations.

Globally, the gap is widening. While 67% of cybersecurity leaders worldwide report AI-related risks, 78% have increased their cybersecurity budgets to address them. In Morocco, only 18% of surveyed organizations have followed suit. Cloud security also remains a weak point, with many companies lacking clearly defined responsibilities, proper contractual protections, and well-tested recovery plans.

Still, the report shows cautious optimism. Around 60% of Moroccan businesses plan to harness AI to enhance threat detection, log analysis, and security operations. Experts warn, however, that these ambitions must be matched with clear internal policies, strong leadership, and a firm commitment to security governance.

The AUSIM 2025 report concludes with a clear message: without bold governance and adequate investment, Moroccan organizations risk falling behind in the global fight against cybercrime.