Kenya’s digital economy is under unprecedented pressure from cybercrime, with financial losses mounting amid a surge in cyber threats. The Communications Authority of Kenya (CA) reported a staggering Sh2.54 billion ($19 million) cyber threat incidents between January and March 2025, marking a 201.7 percent increase from the previous quarter.
This surge exemplifies the rapid escalation of sophisticated cyberattacks targeting critical sectors including finance, telecommunications, and government agencies. Kenya ranks second in Africa in economic losses from cybercrime, with an $83 million loss reported in 2023, following Nigeria’s $1.8 billion.
The National Kenya Computer Incident Response Team – Coordination Centre (KE-CIRT/CC) also documented 4.5 billion cyber threat events between April and June 2025, an 80.7 percent jump from the prior quarter. These attacks include ransomware, distributed denial-of-service (DDoS), and AI-driven phishing scams, which increasingly rely on deepfake technology and social engineering.
In this challenging environment, Co-operative Bank of Kenya has upgraded its information security standards by achieving certification to the updated ISO/IEC 27001:2022 standard, signifying a commitment to advanced cybersecurity and data protection.
The certification was awarded by BSI following a thorough audit of the bank’s physical security, access controls, risk and change management, business continuity, and software development security.
“This milestone has enhanced our risk management, standardised information security policies organisation-wide, and strengthened our incident response capabilities,” said Charles Washika, Director ICT & Innovations. “The comprehensive controls we’ve implemented ensure regulatory compliance while reinforcing the trust our customers, partners, and regulators place in Co-operative Bank.”
As businesses increasingly rely on digital and cloud environments, BSI’s IMETA Sales and Commercial Director Ilias Karampoikis said, the certification demonstrates Co-op Bank has implemented critical measures to counter cyber threats, keeping pace with global best practices. “The global digital landscape is changing, with core business practices now increasingly cloud-based and digitally reliant. This focus on achieving digital trust is crucial in a world of technological transformation.”
Co-operative Bank previously made history in 2014 as the first bank in East Africa to receive ISO/IEC 27001 certification. The 2022 update reflects a holistic approach to emerging cyber risks, focusing on the confidentiality, integrity, and availability of sensitive information.
“We have continuously invested in strengthening our information security capabilities. In response to evolving cyber threats, we’ve scaled up our investments by acquiring cutting-edge security tools, hiring qualified cybersecurity experts, and implementing new systems to address all 93 ISO/IEC 27001 controls,” Washika explained.
As the pioneer ISO/IEC 27001-certified bank in East Africa, Co-operative Bank hopes to set the standard for data protection and regulatory compliance. This achievement, the officials said, fortifies its ability to serve global clients and aligns with Kenya’s broader digitization goals in financial services, reinforcing its role in safeguarding the nation’s digital economy.