The latest report by the Kenya Computer Incident Response Team (KE-CIRT/CC) revealed that they have so far intercepted 52 million cyber-attacks targeting critical infrastructure in Kenya during 2019 so far. This is an increase from 26 million incidents that were reported in 2018; marking a 100% increase in cyber-attacks in Kenya.

This data is an indicator that as the country continues to get a record number of new people online every year, the threat that is posed by the same technology continues to grow exponentially.

The trend is similar in many other parts of Africa where statistics reveal that there are few cyber security professionals but an increasing number of attacks targeting individuals and corporates. Most African countries operate under similar conditions to Kenya, and besides the target on critical infrastructure, there is a growing number of attacks targeted on individuals and corporates across Africa. Look at the following statistics:

ยท 80% of PCs in Africa are infected with viruses or malware.

ยท In 2014, it was reported that cybercriminal activities were increasing at a faster rate in Africa than anywhere else.

ยท The cost of cybercrime in Africa was estimated to be $3.5 billion in 2017.

ยท The proportion of pirated software in use in Africa stands at 58%. This is in consideration that a lot of malware is attached to pirated software.

ยท In 2012, cybercriminals used to be people trying to impress with their skills, or opportunists who chanced on a good moment. Today, cybercriminals are professionals.

ยท Financial institutions do not disclose the amount of money that they lose due to cyber-attacks, in an attempt not to scare away their clients.

Borderless criminals

The biggest challenge with cybersecurity as opposed to physical security is that the Internet does not have a geographical limitation, and thus attacks can come from any location on the planet. This therefore requires security standards that can guard against the most sophisticated attacks.

Even countries that seem not to be economically advanced, such as North Korea, have managed to stage some of the most brazen cyber-attacks in the world. The danger that Kenya and Africa faces is therefore global.

For the same reason, we are now seeing an increasing number of Kenyans being involved in cybercrime, many times targeting people from other countries. Earlier this year, FBI arrested Kenyans on allegations of being involved in Business Email Scams and fraudulently obtaining money from some American Counties. The challenge involves dealing with local cybercriminals who are targeting foreign countries as well as foreigners who are attacking Kenyans.

What Kenya should be doing

The Communications Authority of Kenya has been holding monthly fireside chats meant to educate various stakeholders on matters to do with cybersecurity, usually addressing contemporary matters that organizations want to ask. Besides that, the CA of Kenya has run the inaugural National Cybersecurity Conference in Kenya this week, further raising the awareness on the need for everyone to act. These are great steps for Kenya, and other African countries needs to follow suit.

It also means a focus on creating public awareness in a way that is measurable, so that there can be metrics to ascertain the level of cyber awareness and cyber hygiene among the members of the public. While everybody keeps saying that cybersecurity begins with each person before it works corporately, there is no one who is taking a direct responsibility of educating Kenyans. Maybe the Communications Authority needs to take up this role and come up with targets to be achieved every year measured on the cyber resilience index.

SMEs and big corporations also need to highly invest in educating their staff on how to guard against malware, phishing attacks, business email compromise or even on how to observer proper password hygiene. For banks and financial institutions, having good internal controls to guard against insider jobs is crucial. We also need to have more businesses focusing on cybersecurity, providing solutions that are tailored for the Kenyan context.

Perhaps, one place to start is by incorporating a cyber conscious culture right from primary schools. This way, children will grow up knowing that the digital space is not generally safe, but there are measures that can be employed to keep one safe.


In the past, no country ever attained a superpower status without a strong military. Today, it seems like the next superpowers could be those countries which will build strong cyber resilience. Kenya thus needs to be very proactive in ensuring that there are proper systems, legal frameworks and civic education.

Share this via: