Saccos Losing Billions to Attackers Due to Lax Cyber-security Practices


cybercrimeEarlier yesterday, Serianu, a cybersecurity firm released the Sacco Cybersecurity Report for 2018. The report, which highlighted several numbers regarding the state of internet security in Saccos, was motivated by the need to offer an insightful roadmap about the specific measure that existing Saccos need to implement in order to remain competitive in coming days,

According to the report, over 95 per cent of organizations in Africa operate below the cybersecurity poverty line. This has made the institutions a new target for cybercriminals, especially in the Kenyan market where Saccos manage more than KES 443 billion.

“Based on the sheer market size and value of processed transactions within Saccos, our projections indicate that attacks targeting Saccos will double in the next year,” highlighted Serianu.

The report examined 100 Kenya-based Saccos to identify the exact pain points facing the financial institutions and design procedures to address the affected groups.


Almost 97% of Kenyan Saccos spend less than KES 1,000,000 in their cybersecurity budgets. The same number of Saccos have severe cybersecurity skills shortage, especially in mid and senior levels.

83% of the sampled Saccos have adopted an in-house cybersecurity solution, a worrying trend considering the aforementioned skills shortage. It has also been noted that the demand for cybersecurity experts is high in the banking sectors, followed by insurance and Saccos. Critical skills shortage continues to be seen in Saccos and by extension, the insurance industry.

What is more, 64% of these institutions do not retain their talent, and only do so when a cybersecurity incident occurs.

It has also been noted that up to 38% of local-based Saccos allow Bring Your Own Device (BYOD) policies. Without proper cybersecurity practices, BYOD increases the number of attack channels that a hacker would leverage to gain access into a Sacco.

Lastly, only 40 per cent of Kenyan Saccos are taking advantage of cloud services to improve business operations.

According to Serianu, digitization and mobile usage have been a threat to Saccos as attacks can take advantage of improper SSL pinning, dangerous APIs and cryptographic vulnerabilities to launch attacks on their targets. Furthermore, Serianu reports that server vulnerabilities have increased intrusions that have allowed attackers to steal millions of shillings.


Serianu is urging Saccos to support and grow in-house cybersecurity talent, as well as committing to building an expert team from junior levels to senior management.