Staggering Economic Toll

Kenya's economy is losing at least Ksh4 billion annually to cybercrime, a figure that highlights the significant and growing threat posed by digital criminals to the nation's development agenda. The announcement was made by Dr. Raymond Omollo, the Principal Secretary for Interior and National Administration, on Tuesday, 25 November 2025, during the Third African Forum on Cybercrime and Electronic Evidence in Nairobi. "As a country, we recognize how technology has made accessing public services easier, but there are also elements who use it to commit crime," PS Omollo stated, framing the challenge as a critical national security and economic issue.

The financial losses stem from a wide array of malicious activities, including direct theft from financial accounts, ransomware attacks on businesses, and fraud targeting mobile money platforms. According to a 2024 report from the Communications Authority of Kenya (CA), the country's cybercrime losses were the second highest in Africa in 2023, trailing only Nigeria. The report noted that businesses and government agencies affected by cyber-attacks spent an average of Ksh561 million ($4.35 million) to restore their services after a breach.

A Nation Under Digital Siege

The scale of the threat is immense. The National Kenya Computer Incident Response Team – Coordination Centre (KE-CIRT/CC) detected a staggering 4.5 billion cyber threat events between April and June 2025 alone, an 80.7% increase from the previous quarter. These threats are not abstract; they have tangible consequences. PS Omollo cited a recent incident where a coordinated cyberattack disrupted key government services across multiple ministries for nearly half a day, demonstrating the vulnerability of the nation's critical infrastructure. This follows a similar, more prolonged attack two years prior that affected the eCitizen portal for almost 48 hours.

The most common forms of cybercrime plaguing Kenyans include phishing, malware, ransomware, and smishing (text message-based phishing). A May 2025 report by TransUnion revealed that 82% of Kenyans were targeted by fraudsters in the latter half of 2024, with the average financial loss per victim reaching Ksh116,000 ($897). The financial sector remains a prime target, with mobile banking fraud accounting for KES 810.7 million in losses in 2024, according to the Central Bank of Kenya's 2024 Financial Sector Stability Report.

Government Fortifies Digital Defences

In response to the escalating threats, the Kenyan government is bolstering its cybersecurity framework. A key component of this strategy is the National Computer and Cybercrimes Coordination Committee (NC4), a multi-agency body chaired by PS Omollo. Established under the Computer Misuse and Cybercrimes Act of 2018, the NC4 is mandated to coordinate a national response to cyber threats, from detection and prevention to investigation and prosecution. The committee brings together high-level representatives from the ministries of Interior and ICT, the Attorney-General, the Kenya Defence Forces, the National Police Service, and the National Intelligence Service, among others.

The government is also aligning its legal framework with international standards, seeking accession to the Budapest Convention on Cybercrime and the African Union's Malabo Convention. Recent amendments to the Computer Misuse and Cybercrimes Act, assented to by President William Ruto in October 2025, have expanded the NC4's powers and introduced stricter penalties for offences like cyber harassment, which can now attract a fine of up to Ksh20 million or a 10-year prison sentence.

The Broader Context for Kenya and East Africa

Kenya's struggle with cybercrime is emblematic of a broader challenge across East Africa, where rapid digitalisation has outpaced the implementation of robust security measures. As the region's digital economy grows—with Africa's overall e-economy projected to contribute $180 billion by 2025—the financial incentives for criminals are also increasing. The rise of mobile money and digital banking has made individuals and financial institutions in countries like Kenya, Uganda, and Tanzania prime targets. The interconnected nature of these threats necessitates a coordinated regional response, a key theme of the Nairobi forum where PS Omollo delivered his remarks. The forum, supported by the European Union, focused on building capacity for judges, prosecutors, and investigators from over 35 countries to handle electronic evidence and prosecute complex cybercrimes effectively. This collaborative approach is deemed essential to safeguarding the future of East Africa's digital economy from the persistent and evolving threat of cybercrime.