Key Takeaways

Algeria intercepted more than 70 million cyberattacks and blocked over 13 million phishing attempts in 2024, ranking 17th globally among most-targeted nations. Presidential Decree 26-07 (January 2026) now mandates dedicated cybersecurity units in every public institution, and the 2025-2029 National Cybersecurity Strategy gives institutions a concrete blueprint to convert that measured attack volume into detection and response capacity.

Bottom Line: Algerian CISOs and public-sector IT directors should treat Decree 26-07 as a detection-capability blueprint — standing up the cybersecurity unit as a separate reporting line, building a living threat map, and rehearsing the ASSI handoff before an incident.

Decision Radar

Relevance for Algeria: High. Decree 26-07 directly mandates cybersecurity units across all Algerian public institutions, and the 2024 attack telemetry applies nationally to banking, healthcare, energy, and government systems.

Action Timeline: Immediate. The decree is already in force as of January 2026, and public institutions must form units now — the next 6-12 months determine whether they become real detection capabilities or compliance shells.

Key Stakeholders: CISOs, public-sector IT directors, security analysts, banking and energy operators.

Decision Type: Strategic. This shapes how an institution structures, staffs, and governs its entire detection and response function for the 2025-2029 strategy period.

Priority Level: High. Detection and response capacity directly protects Algeria’s critical services, and the legal mandate plus measured attack volume make near-term action essential.

Quick Take: Treat Decree 26-07 as a detection-capability blueprint, not a checkbox. Stand up the cybersecurity unit as a separate reporting line, build a living threat map from your own telemetry, rehearse the ASSI handoff before an incident, and fund analysts before tooling. The 2024 baseline shows exactly where to start: phishing and email defense.

A Measured Baseline Becomes a Building Block

In cybersecurity, the institutions that improve fastest are usually the ones that already measure what is happening to them. Algeria starts its 2026 capability buildout from an unusually clear baseline. According to Kaspersky’s 2024 telemetry reported by Algérie 360, security solutions operating in the country intercepted more than 70 million cyberattacks across 2024, while blocking over 13 million phishing attempts — a 17% year-on-year increase — and neutralizing nearly 750,000 malicious email attachments.

Those numbers are not a warning so much as a measurement. Every intercepted attack is a signal that was detected, classified, and stopped — which means the underlying telemetry already exists. The strategic question for 2026 is no longer whether Algeria is a target; the 17th-place global ranking among most-targeted nations settles that. The question is how to convert a high volume of intercepted events into a national capability for anticipating the next wave. That is precisely what the new legal architecture is designed to enable.

Two Decrees That Turn Strategy Into Operations

The policy foundation arrived in two deliberate steps at the turn of 2026. On December 30, 2025, President Abdelmadjid Tebboune signed Presidential Decree No. 25-321, formally approving the National Cybersecurity Strategy 2025-2029. One week later, on January 7, 2026, Presidential Decree No. 26-07 established the operational framework for cybersecurity inside public institutions, and was published in the Official Gazette on January 21, 2026.

The design choice in Decree 26-07 is what makes it operationally significant. It mandates that every public institution stand up a dedicated cybersecurity unit — structurally separate from IT management — reporting directly to the head of the organization. These units are tasked with designing threat maps, deploying remediation plans, and coordinating incident response with ASSI, the Agence de la Sécurité des Systèmes d’Information, which operates under the Ministry of National Defense and has run Algeria’s national cybersecurity framework since 2020.

When the strategy was presented on March 4, 2026 by Major General Abdeslam Belghoul, Director General of ASSI, it was organized around four strategic objectives: reinforcing the resilience of national information systems, developing a supportive national cybersecurity ecosystem, cultivating qualified human resources through structured training, and consolidating national and international cooperation. The earlier Presidential Decree 20-05 had already institutionalized Chief Information Security Officer roles across state bodies, so the 2026 framework builds on a CISO function that already exists rather than inventing one from scratch.

What Algerian security teams should do

The strategy and decrees set the destination. The work for the next twelve months belongs to the security leads, CISOs, and newly-formed cybersecurity units inside Algeria’s public institutions, banks, healthcare providers, and energy operators. Five moves turn the framework into measurable detection strength.

1. Build the threat map Decree 26-07 requires as a living detection model, not a one-time document

Decree 26-07 explicitly tasks each cybersecurity unit with designing a threat map. Treat that requirement as the foundation of a detection program rather than a compliance artifact. Inventory every internet-facing asset, map it to the attack patterns Algeria actually faces — the 13 million phishing attempts and 750,000 malicious attachments Kaspersky measured in 2024 tell you where to concentrate first — and assign each mapped risk a named owner and a detection rule. A threat map that is regenerated quarterly against fresh telemetry becomes a detection model; one filed once and forgotten is just paperwork. Do not let the document become the deliverable.

2. Stand up the cybersecurity unit as a separate reporting line, exactly as the decree specifies

The decree’s most important design feature is structural: the unit reports to the head of the organization, not to the IT director. Honor that separation. When detection and response sit inside IT operations, incidents that implicate IT’s own systems or decisions get under-reported. A unit that answers directly to the institution’s leadership can escalate without conflict of interest. Staff it with at least one analyst whose full-time job is monitoring, not a network engineer detecting attacks between other tasks. The 17% year-on-year rise in blocked phishing means the alert volume is climbing, and a part-time owner will miss the signal that matters inside the noise.

3. Wire every unit into ASSI coordination before an incident, not during one

Decree 26-07 requires coordination with ASSI on incident response. Build that channel while it is calm. Establish the named point of contact, confirm the escalation thresholds, and run at least one tabletop exercise that walks through the ASSI handoff end to end. The agency has operated the national framework since 2020 and is the operational arm for incident coordination, vulnerability disclosure, and product certification, so a unit that knows the playbook in advance recovers faster. The worst time to exchange first emails with a national coordinator is at hour two of a live intrusion.

4. Prioritize phishing and email defense, because that is where the measured volume lives

The 2024 telemetry is unambiguous about the dominant vector: phishing and malicious attachments together account for tens of millions of intercepted events. Concentrate early detection investment there. Deploy email authentication (DMARC, SPF, DKIM) across every domain, enable attachment sandboxing, and pair the technical controls with phishing-simulation training for staff. Algeria’s data-protection obligations under Law No. 18-07 reinforce the case for hardening the channels through which personal data most often leaks. Do not spread a thin budget evenly across every theoretical risk when the data shows where the volume concentrates.
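One way to check the "across every domain" part of this step is to audit the SPF and DMARC records of a whole domain inventory and list the gaps. The following is an added example, not part of the original article; the domain names, records and function names are constructed for illustration, and DKIM is left out because checking it requires knowing each domain's selectors.

```python
# Added example: audit SPF/DMARC posture from TXT records already fetched from DNS.

def parse_tags(record):
    """Split 'v=DMARC1; p=none; ...' into a tag dict with lower-cased keys."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(apex_txt):
    """Findings for the TXT records published at the domain apex."""
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["spf: missing" if not spf else "spf: multiple records (permerror)"]
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        # With redirect= the policy lives in the target domain; audit that one.
        if any(t.startswith("redirect=") for t in terms):
            return []
        return ["spf: no 'all' term, unlisted senders get neutral"]
    # A bare 'all' means '+all'; '~all' and '-all' both deny a pass.
    qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
    return [f"spf: {qualifier}all does not reject unlisted senders"] if qualifier in "+?" else []

def audit_dmarc(dmarc_txt):
    """Findings for the TXT records published at _dmarc.<domain>."""
    recs = [r for r in dmarc_txt if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["dmarc: missing" if not recs else "dmarc: multiple records (ignored)"]
    tags, findings = parse_tags(recs[0]), []
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("dmarc: policy is not enforcing (p=none or invalid)")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append("dmarc: pct below 100, policy applied to a sample only")
    if "rua" not in tags:
        findings.append("dmarc: no rua, aggregate reports are not collected")
    return findings

def audit(inventory):
    return {d: audit_spf(r["apex"]) + audit_dmarc(r["_dmarc"]) for d, r in inventory.items()}

INVENTORY = {  # constructed sample data, not real zones
    "portal.example": {"apex": ["v=spf1 include:_spf.portal.example -all"],
                       "_dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc@portal.example"]},
    "bank.example": {"apex": ["v=spf1 ip4:192.0.2.10 ~all"],
                     "_dmarc": ["v=DMARC1; p=none"]},
    "parked.example": {"apex": ["site-verification=constructed"], "_dmarc": []},
    "legacy.example": {"apex": ["v=spf1 a mx +all"],
                       "_dmarc": ["v=DMARC1; p=quarantine; pct=25; rua=mailto:r@legacy.example"]},
}
```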

5. Invest in the analysts now, while the training pipeline is expanding

The strategy’s third objective — cultivating qualified human resources through structured training and education — is the constraint that determines whether the first four moves work. Detection tools generate alerts; people triage them. Use the strategy’s training emphasis as cover to fund certifications (the CISSP and CEH tracks Algerian institutions are already building toward) and to retain the analysts you train. A detection capability is only as strong as the team reading the dashboard at 2 a.m. Budget for headcount and retention before the tooling, not after.

The Structural Lesson

Algeria’s 2026 cybersecurity posture is best read not as a response to a crisis but as the deliberate institutionalization of a capability. The 70-million-attack figure is frequently quoted as alarming, yet its more useful reading is that the national sensing apparatus is already working — those attacks were seen and stopped. What the 2025-2029 strategy and Decree 26-07 add is the organizational machinery to make that sensing systematic, accountable, and connected to a national coordinator. The structural insight for every institution is that detection strength is built from governance choices as much as from technology: a separate reporting line, a living threat map, a rehearsed ASSI handoff, and a funded analyst team will outperform any tool deployed without them. The institutions that treat the next twelve months as a buildout — converting an exceptionally clear baseline into repeatable detection and response — are the ones that will be measuring their own resilience by 2029, not just their attack volume.

Frequently Asked Questions

What does Algeria’s Decree 26-07 actually require institutions to do?

Presidential Decree No. 26-07, signed January 7, 2026 and published in the Official Gazette on January 21, 2026, requires every public institution to create a dedicated cybersecurity unit that is structurally separate from IT management and reports directly to the head of the organization. These units must design threat maps, deploy remediation plans, and coordinate incident response with ASSI, the national Information Systems Security Agency.

How serious is the cyber threat to Algeria based on the 2024 data?

According to Kaspersky’s 2024 telemetry, security solutions in Algeria intercepted more than 70 million cyberattacks, blocked over 13 million phishing attempts (a 17% year-on-year rise), and neutralized nearly 750,000 malicious email attachments. Algeria ranked 17th globally among the most-targeted nations, which makes systematic detection and response a near-term operational priority rather than a long-term concern.

Where should an Algerian security team focus its first investments?

The 2024 data points clearly to phishing and email-borne threats as the dominant vector, so email authentication (DMARC, SPF, DKIM), attachment sandboxing, and staff phishing-simulation training deliver the highest early return. In parallel, teams should establish their ASSI coordination channel before an incident and fund analyst headcount and certifications, since detection tooling is only as effective as the people triaging its alerts.
