Surge in Cyber Threats in Kenya (Q2 2025)

Nairobi — Kenya’s cyber‑threat landscape grew markedly in the second quarter of the 2024–2025 fiscal year, with the total number of detected cyber‑incidents jumping by 27.2 percent to reach 840.9 million, according to data released by the Communications Authority of Kenya (CA). allAfrica.com The surge underscores growing pressure on the nation’s digital infrastructure as online services and mobile platforms expand rapidly.
The CA’s report reveals that while malware incidents edged up slightly to 33.9 million, the real drivers of growth were system vulnerabilities, which surged by 28.9 percent to 752.4 million, and web‑application attacks rising by 29 percent. allAfrica.com In a dramatic spike, Distributed Denial of Service (DDoS) attacks climbed by 726.6 percent, reaching 15.1 million recorded incidents. allAfrica.com Mobile application attacks also increased by 17.4 percent, illustrating how threat actors are shifting their focus as Kenyan mobile usage deepens. In response, the national incident‑response team, Kenya Computer Incident Response Team – Coordination Centre (KE‑CIRT/CC), issued 11.6 million cybersecurity advisories during the quarter — an increase of 20.9 percent compared with the previous quarter. allAfrica.com
The reactions from public and private sector stakeholders have been swift. Enterprises operating in Kenya are being urged to shore up their defences, with particular emphasis on securing mobile‑apps and web‑facing systems. The rise in AI‑driven attacks, now flagged by the CA, has heightened concerns that traditional security measures may no longer suffice. allAfrica.com For ordinary consumers, the flood of advisories from KE‑CIRT/CC serves as a reminder that vigilance must extend beyond institutions. Mobile users and small businesses are being encouraged to adopt stronger passwords, apply timely software updates and monitor for suspicious activity.
Looking ahead, the Kenyan government and regulatory agencies face a pivotal moment. As digital adoption continues to accelerate — in sectors such as e‑commerce, fintech and mobile services — the resilience of national cybersecurity frameworks will be tested. Kenya must invest not only in detection and response capabilities, but also in raising cyber‑awareness across business and citizen communities. Failure to do so could hamper trust in the digital economy at a time when Kenya aspires to be a regional tech hub.