The cybersecurity space in Kenya has witnessed a huge escalation in threats during Q3 of the 2024/2025 financial year, with detected cyber threats soaring to 2.54 billion.
Communications Authority reported that this is a 201.7% increase from the previous quarter’s 840.9 million, .
System vulnerabilities accounted for the bulk of this spike, rising 228.3% to over 2.47 billion cases according to the latest Sector Statistics Report.
Recorded cases were driven by the increasing complexity of digital infrastructure and heightened exposure to global cyber risks.
Other threats include:
- Malware: 24.5 million (down 27.6%)
- Brute force attacks: 33.79 million (down 2.8%)
- Web application attacks: 5.08 million (up 11.8%)
- DDoS (Distributed Denial of Service) attacks: 3.67 million (down 75.6%)
In response to the escalation in threats, the National Kenya Computer Incident Response Team – Coordination Centre (KE-CIRT/CC) issued 13.23 million cyber advisories during the quarter, which is a 14.2% increase over the previous period.
- Advisories related to system attacks rose 15.6% to nearly 6 million, mirroring the spike in vulnerabilities detected.
- Guidance on DDoS risks more than doubled, growing 158.8% to 776,772 advisories.
- Mobile application attacks advisories surged 61.2%, albeit from a low base, demonstrating the growing threats targeting smartphones and apps.
These advisories serve as critical early warnings for organizations and government entities, enabling them to apply patches, strengthen defenses, and educate users.
The sheer scale of cyber threats detected in Q3 signals a major stress test for the country’s digital ambitions. The more we push forward with initiatives like e-citizen services, mobile money expansion, and the larger digital transformation, the more the cybersecurity stakes grow.
Some of the challenges we face in improving the cybersecurity domain include:
- Legacy infrastructure that remains vulnerable despite modernization efforts.
- Resource gaps among small and medium enterprises that may lack dedicated cybersecurity teams.
- The increasing role of cloud computing, which, while transformative, introduces new security complexities.
- A growing need for public education on cybersecurity hygiene to reduce risks from phishing, weak passwords, and social engineering.
Our position as an East African technology hub makes it an attractive target for cybercriminals seeking financial gain or disruption.
To be fair, Kenya’s cybersecurity infrastructure has scaled up its capabilities, but the sheer volume of threats proves why organizations need to seriously invest in secure systems and continuous public awareness.
