Kenya’s Cyber Threats Surge 441% in Three Months as Defence Gap Widens

Kenya’s cyber landscape has entered a tipping point, with the Communications Authority reporting 4.6 billion threat events in the last quarter of 2025 – a 441% increase from the prior period. The acceleration is most pronounced in Distributed Denial‑of‑Service attacks, which surged over 1,100%, outpacing any other vector. Analysts link this spike to the proliferation of AI‑enabled hacking tools, inadequate patching practices, and limited user awareness of social‑engineering tactics, creating a perfect storm for attackers.

The ramifications extend beyond technical concerns, striking at the heart of Kenya’s burgeoning fintech sector. M‑PESA alone processes more than 100 million transactions daily, and the country’s payments ecosystem is projected to reach $1.5 trillion by 2030. Yet the advisory response to threats remains disproportionately low – only 1.34 million advisories addressed out of 21.8 million issued. This mismatch amplifies financial risk, especially after a reported $83 million loss to cybercrime in 2023, positioning Kenya as Africa’s second‑most affected nation after Nigeria.

Policymakers and industry leaders must close the advisory gap by adopting multi‑factor authentication, enforcing rigorous patch‑management policies, and scaling up AI‑driven detection capabilities. Regional cooperation, such as shared threat intelligence platforms, can also bolster resilience. As digital adoption accelerates, Kenya’s ability to align regulatory response with threat velocity will determine whether its fintech ambitions remain a growth engine or become a liability.