Kenya’s cyber landscape is under siege, with businesses and government entities losing Sh10.71 billion ($83 million) to cybercrime last year—a crisis that now ranks the country as Africa’s second-most affected nation.
With attackers becoming increasingly brazen, the Communication Authority (CA) has sounded an alarm, unveiling fresh initiatives to consolidate cybersecurity defences across government agencies and bolster response strategies.
Statistics from the National Kenya Computer Incident Response Team Coordination Centre (KE-CIRT/CC), the country’s frontline cyber watchdog, reveal that every corner of Kenya’s economy—from financial services to manufacturing—faces cyber threats.
Director General David Mugonyi of CA reported the highest attack rates in financial services, government, telecommunications, education, fintech, hospitality, and manufacturing. Companies hit by cyber breaches, he added, faced a steep recovery cost averaging $4.35 million (Sh561 million) each.
Mugonyi underscored the unique nature of cyber threats targeting Kenya, stating, “The cost of cybercrime in Africa is staggering; last year Nigeria suffered losses amounting to $1.8 billion (Sh232.2 billion), Kenya $83 million (Sh10.71 billion), Uganda $67 million (Sh8.6 billion), Botswana $39 million (Sh5 billion), and Lesotho $2.3 million (Sh296.7 million). The average data breach in Kenya in 2023 was $4.35 million (Sh561 million).”
Read More
The CA is pushing for “localised solutions,” necessary to tackle threats specific to Kenya and its region—threats that often elude international frameworks.
"Likewise, digital progress demands consistent global efforts to secure the digital realm. This calls for strategic, technical, legal, policy, and security capabilities that transcend the sectors and borders," Mugonyi emphasised, pointing to critical areas like cyberespionage and cyberterrorism that demand uniquely Kenyan responses.
In a bid to unify Kenya’s cyber defences, the government has begun efforts to consolidate cybersecurity units from various ministries and semi-autonomous government agencies (SAGAs) into one powerful national unit.
This ambitious move, the Ministry of ICT and Digital Economy says, will help Kenya face the overwhelming cyber risks with a “whole-government” approach.
Currently, fragmented arms in different agencies have created a patchwork of defences that struggles to tackle the sophisticated cyber landscape.
Yunis Omar, the Director of Cybersecurity at the ICT Ministry, called for this unity, saying, “Cybersecurity, until recently, was being looked at in silos. For example, as a ministry, we have got several SAGAs like the communication authority, like the ICT authority, like the ministry itself that have been hosting independent cybercrime arms.”
The Ministry plans an amendment to the National ICT Policy and an overhaul of the National Cybersecurity Strategy, aiming to fortify Kenya’s security posture and to address emerging threats in a more unified and proactive manner. Omar revealed that the amendment process is ongoing.
“There is an amendment going on at the moment. We have actually the national ICT policy, and in it we have the national cybersecurity policy that’s being amended.”
Between April and June 2024 alone, KE-CIRT tracked a staggering 1.1 billion cyber threats against Kenyan targets—a figure that lays bare the scale and urgency of the issue.
The government’s consolidation plan aims to bring this relentless surge under control by establishing a single national force capable of rapid response and thorough threat management.
The CA continues to cultivate international partnerships to combat these transnational threats, especially against state-sponsored cyberattacks and cyberwarfare. Kenya’s cyber frontier demands agility, Mugonyi noted, to face evolving challenges in a digital age defined by both opportunity and peril.