Kenya lost a staggering $83 million (Sh10.71 billion) to cybercrime in 2023, according to the Communications Authority of Kenya, placing it as the second most impacted country in Africa.
Nigeria topped the list with a reported $1.8 billion (Sh232.2 billion) in losses, followed by Uganda with $67 million (Sh8.6 billion), Botswana with $39 million (Sh5 billion), and Lesotho with $2.3 million (Sh296.7 million).
Businesses and government agencies in Kenya spent an average of Sh561 million ($4.35 million) each on recovery from cyber incidents.
The recent cybersecurity report from the National KE-CIRT/CC indicates that cyber threats in Kenya have surged, with 1.1 billion threats detected from April to June 2024, a 16.5% increase from the prior quarter.
The National Kenya Computer Incident Response Team Coordination Centre (KE-CIRT/CC) is responsible for the country’s cybersecurity defense, detection, and response efforts.
David Mugonyi, Director General of the Communications Authority, highlighted that cybercriminals are increasingly exploiting system vulnerabilities, such as those found in outdated software, insecure Internet of Things (IoT) devices, and misconfigured systems. Emerging technologies, including AI, have also expanded the attack surface, he noted.
“Cybercriminals are using identity theft and phishing schemes to deceive victims into divulging sensitive information, resulting in significant financial losses. Online abuse, such as cyberbullying and harassment, has also become common,” Mugonyi added.
To counteract the rising cyber threat, the Kenyan government is consolidating all cybersecurity units across ministries and agencies into a unified national body.
This consolidation will include updates to the National Cybersecurity Strategy and amendments to the National ICT Policy to address rapidly evolving cyber risks.
The government’s strategy, introduced in 2022, aims to enhance cybersecurity governance, strengthen legal frameworks, and foster collaboration at both national and international levels to reduce cyber risks and improve the handling of cybercrime cases.
Mugonyi confirmed ongoing partnerships with local and international organizations to enhance the legislative framework and promote a swift response to cyber incidents.