Algeria’s Cybersecurity Startups: How an $11M Fund and Decree 26-07 Create a New Market

The Catalyst: $11 Million for Cybersecurity, AI, and Robotics

In February 2025, Algeria’s state-owned telecommunications operator Algerie Telecom announced a 1.5 billion DZD fund (approximately $11 million) targeting startups working in artificial intelligence, cybersecurity, and robotics. The fund was unveiled by Minister of Post and Telecommunications Sid Ali Zerrouki at the third edition of Algeria’s CTO Forum, as part of the state’s broader national AI and digital transformation strategy.

This is not a general-purpose tech fund. By explicitly including cybersecurity alongside AI and robotics, the government has signaled that it views cyber defense not merely as a compliance requirement but as a growth sector with commercial potential.

Frequently Asked Questions

Capital. While the Algeria Startup Fund (ASF), established in partnership with public banks with a capital of 2.4 billion DZD, has funded over 100 startups across 20 sectors in 22 provinces, cybersecurity ventures have historically received minimal attention from generalist funds. A dedicated fund removes the competition for capital between cybersecurity startups and, say, e-commerce or fintech ventures.

Market demand. Presidential Decree 26-07 now requires every public institution to create a cybersecurity unit, conduct risk mappings, deploy monitoring tools, and coordinate with ASSI. Hundreds of institutions need help — and most of them need it now. This regulatory mandate converts a vague aspiration into a concrete, budget-backed requirement.

The Demand Side: Decree 26-07 Creates a Market Overnight

Understanding the opportunity for cybersecurity startups requires understanding the demand that Decree 26-07 has created. Signed on January 7, 2026 and published in the Official Gazette on January 21, 2026, the decree establishes the operational framework for cybersecurity across all public institutions.

Every Algerian public institution — ministries, agencies, state enterprises, wilayas, public hospitals, universities — must now establish a dedicated cybersecurity unit separate from IT, reporting directly to the institution head. These units must perform risk mapping, deploy remediation plans, maintain continuous monitoring, and coordinate with the national Information Systems Security Agency (ASSI), which operates under the Ministry of National Defense.

Most of these institutions have never conducted a formal cybersecurity risk assessment. They do not have SIEM platforms, intrusion detection systems, or incident response procedures. They need everything — from initial assessments to ongoing managed services.

Algeria recorded over 70 million cyberattacks in 2024, ranking 17th globally among the most targeted nations according to Kaspersky. The country also blocked more than 13 million phishing attempts and nearly 750,000 malicious email attachments during the same period. This threat environment makes the decree not just regulatory compliance but operational necessity.

The Supply Side: Algeria’s Local Cybersecurity Firms

Algeria’s cybersecurity service provider ecosystem is small but growing. Several local firms are positioned to capture the demand wave:

UNIDEES. One of Algeria’s most established cybersecurity companies with over 20 years of experience, UNIDEES specializes in consulting, auditing, and integration services. The company holds ISO 27001 certification for its CSIRT and Managed SOC scope, and partners with international vendors including Fortinet, Symantec, and Veritas for solutions spanning advanced firewalls, endpoint security, data loss prevention, and backup systems.

GEMA. Known for its IT services portfolio, GEMA offers cybersecurity assessments, endpoint security solutions, and cyber hygiene training for Algerian enterprises and institutions.

BeeNet. A growing player in the market, BeeNet provides email security, cloud protection, intrusion prevention systems, and cybersecurity audits.

Winbest Net. Focused on SME digital transformation, Winbest Net offers firewall configuration, antivirus deployment, and secure web hosting with embedded cybersecurity tools.

• Managed Detection and Response (MDR) — 24/7 security monitoring as a service, critical for institutions that cannot staff round-the-clock SOCs.
• Security Awareness Training Platforms — scalable, Arabic-language training platforms tailored to Algerian public sector employees.
• Threat Intelligence Platforms — localized threat feeds covering Algeria-specific attack patterns and threat actors.
• Identity and Access Management (IAM) — solutions for managing privileged access across government networks.
• Incident Response Retainers — pre-contracted rapid response teams available when breaches occur.
• OT/ICS Security — specialized cybersecurity for industrial control systems in oil and gas, power generation, and water treatment. With Sonatrach and Sonelgaz operating vast SCADA networks, this is a high-value niche that requires deep domain expertise.
• Compliance Automation — platforms that help public institutions track their Decree 26-07 compliance status, manage risk registers, automate audit reporting, and coordinate with ASSI.
• Arabic-Language Security Tools — dashboards, alert systems, and training content localized for Arabic-speaking security teams. Most commercial cybersecurity tools default to English, creating friction for non-English-speaking operators.

Each of these gaps represents a startup opportunity. The Algerie Telecom fund, combined with the ASF and the new FCPR (Fonds Commun de Placement a Risque) private venture capital framework, provides multiple funding pathways for entrepreneurs targeting these niches.

Building the Talent Pipeline: Skills Centers and Vocational Training

You cannot build a cybersecurity startup ecosystem without cybersecurity talent. Algeria has launched several programs to address the skills gap:

Additional centers have since opened in Annaba, Chlef, and Oran, with plans for gradual expansion across all provinces. The Setif center is particularly notable for being housed in former Algerie Telecom premises — a signal that the telecom operator is actively contributing physical infrastructure to the ecosystem.

The 2025-2029 National Cybersecurity Strategy: Sectoral Opportunities

The National Cybersecurity Strategy for 2025-2029, adopted via Presidential Decree 25-321 on December 30, 2025, creates specific market opportunities through its sector-specific mandates:

Funding Ecosystem: Multiple Pathways

Algeria’s startup funding landscape has matured significantly, offering cybersecurity entrepreneurs multiple capital sources:

Lessons from Other Markets

Algeria is not the first country to create a regulatory-driven cybersecurity market. Several parallels offer lessons:

Saudi Arabia’s NCA Framework. The National Cybersecurity Authority’s Essential Cybersecurity Controls (ECC) created a surge in demand for local cybersecurity services. The NCA also established a Cybersecurity Accelerator program specifically to stimulate the local cybersecurity startup ecosystem, combining regulatory mandates with direct startup support. Algeria’s decree follows a similar structural logic.

Singapore’s Cybersecurity Act. Singapore mandated cybersecurity obligations for critical information infrastructure operators across sectors including energy, banking, healthcare, and transport. The act created a thriving cybersecurity services industry. Algeria can study Singapore’s approach to public-private partnerships in cybersecurity.

European Union’s NIS2 Directive. The NIS2 Directive expanded cybersecurity obligations to a broader set of sectors and required member states to establish national cybersecurity strategies. The directive has driven significant growth in managed security services across the EU.

The common pattern: regulatory mandates create demand, demand attracts investment, investment enables startups, and startups compete to deliver compliance and security capabilities. Algeria is at the beginning of this cycle.

Building a Cybersecurity Startup: Strategic Considerations

Service businesses can generate revenue immediately — the demand for risk assessments, compliance consulting, and security audits is already here. But services are labor-intensive, difficult to scale, and limited by the available talent pool. Revenue grows linearly with headcount.

Product businesses take longer to build and monetize but offer scalability. A compliance management platform, a threat intelligence feed, or a security awareness training system can serve hundreds of institutions without proportional headcount growth. The challenge is that product development requires upfront capital, engineering talent, and patience — typically 18 to 24 months before meaningful revenue.

The smartest approach may be hybrid: start with services to generate cash flow and build domain expertise, then productize the most repeatable elements of the service offering into software. Several global cybersecurity companies, including CrowdStrike and Rapid7, followed this trajectory.

• Tender requirements often favor established companies with multi-year track records. Startups may need to partner with or subcontract under larger firms initially.
• Payment cycles in the public sector can extend to 60 to 120 days. Startups must plan for working capital accordingly.
• Decision-making authority for cybersecurity procurement under Decree 26-07 now sits with the institution head (who oversees the cybersecurity unit), not the IT department. Startups must adjust their sales approach to target executive leadership.
• Proof of concept opportunities can be powerful entry points. Offering a free or low-cost initial assessment to demonstrate capability can build the trust needed to win larger contracts.

What VOLZ’s Exit Signals for Cybersecurity Startups

The Algeria Startup Fund’s first successful exit provides instructive lessons for cybersecurity entrepreneurs. ASF achieved a 3.35x return on its investment when VOLZ, a travel-tech startup founded in 2023, raised $5 million in a Series A in December 2025 — led by a consortium under Tell Group with participation from Groupe GIBA.

While VOLZ operates in travel technology rather than cybersecurity, the exit demonstrates several dynamics relevant to the cybersecurity sector:

Government-backed funds can generate returns. ASF’s 3.35x return proves that Algerian public-sector venture capital can work. The Algerie Telecom fund, structured similarly, should attract more ambitious proposals when founders see that exits are possible.

Series A capital is accessible. VOLZ’s $5 million raise shows that follow-on funding exists for Algerian startups that demonstrate traction. A cybersecurity startup that wins five to ten government contracts and demonstrates recurring revenue should be well-positioned for growth-stage investment.

Speed matters. VOLZ moved from ASF investment to Series A in approximately 18 months. In the cybersecurity market, where Decree 26-07 creates immediate demand, the window for establishing market position may be even shorter. First-movers who build reference clients and demonstrate compliance expertise will be difficult to displace.

Challenges and Expansion Potential

Competition from international vendors. Global cybersecurity companies like Fortinet, Kaspersky, and Palo Alto Networks already have established presence in Algeria through local distributors. Startups competing on product features alone will struggle; the winning strategy is to compete on localization, Arabic-language support, regulatory knowledge, and responsive service.

Talent retention. As demand for cybersecurity talent surges, startups will compete with the public sector, established firms, and international employers for the same limited pool of qualified professionals. Offering equity, flexible work arrangements, and growth opportunities may help startups attract talent that might otherwise leave Algeria.

Trust and track record. Public institutions may be reluctant to entrust cybersecurity to young companies without established track records. Building reference clients, obtaining international certifications (ISO 27001, SOC 2), and partnering with recognized global vendors can help overcome this trust gap.