Kenya’s cybersecurity agency recorded 4.6 billion cyber threats between April and June 2025, an 80.8% increase from the previous quarter’s 2.5 billion detections.
The surge follows major upgrades to monitoring systems at the Kenya Computer Incident Response Team (KE-CIRT/CC).
A report from the Communications Authority shows system vulnerabilities accounted for 4.49 billion cyber threats, up 81.9% from the previous period. Distributed Denial of Service attacks rose 255.6%, while web application attacks increased 150.8%.
The authority attributes the jump primarily to enhanced monitoring capabilities rather than a sudden spike in criminal activity. “The increase is a reflection of improved visibility, not just a rise in malicious actors,” the CA stated.
Cybersecurity experts say the numbers reflect two factors: Kenya’s expanding digital footprint creates more targets, while upgraded detection systems now catch threats that previously went unnoticed.
READ: Study Shows Women Less Likely to Secure Phone With Passwords
Cloud services, digital payments, and mobile broadband adoption have all grown rapidly, increasing potential attack points.
The threat landscape has immediate consequences for businesses and consumers. Companies face pressure to increase cybersecurity spending, implement real-time monitoring, and train staff on phishing and ransomware risks.
For consumers in a country where mobile money penetration reaches 91%, risks include data theft, account compromise, and digital payment fraud.
KE-CIRT issued 157 cybersecurity advisories during the quarter, a 30.6% increase aimed at government agencies, corporations, and the public.
However, industry experts have warned that advisories alone are insufficient. Kenya needs stronger incident reporting frameworks, better collaboration between telecom companies, banks, and internet service providers, and policies addressing emerging threats like AI-powered attacks.
READ: Kenya Commits to Annual Youth Forum on Cybersecurity and AI
The immediate challenge is translating awareness into action through proactive defenses, cybersecurity workforce development, and ensuring digitization doesn’t compromise national security.
