As Microsoft prepares to cease free security updates for its Windows 10 operating system on Monday, October 14, 2025, a significant number of Kenyan computer users could find themselves exposed to increased cyber-attacks and scams. While specific figures for Kenya are unavailable, a survey by Which? in the UK indicated that one in four Windows 10 users intend to continue using the system despite the increased risk of viruses and malware. This global trend highlights a potential vulnerability for Kenyan users who may not upgrade their systems.

The end of free support means that devices running Windows 10 will no longer receive crucial technical assistance, software updates, or security fixes, making them more susceptible to exploitation by cybercriminals. Outdated operating systems are a significant cybersecurity risk, as they often contain unpatched flaws that attackers can exploit to gain unauthorised access, disrupt operations, or steal sensitive data.

Rising Cyber Threats in Kenya

Kenya has experienced a significant increase in cyber threats. The Communications Authority of Kenya (CA) reported a staggering 840.9 million cyber threats detected between October and December 2024, marking a 27.2% increase from the previous quarter. System vulnerabilities accounted for the majority of these threats, with 752.4 million cases, reflecting a 28.9% rise. These attacks often target outdated operating systems and exploit leaked user login credentials.

The National Kenya Computer Incident Response Team – Coordination Centre (National KE-CIRT/CC) attributed this surge to the growing sophistication and frequency of cybercriminal activities, including the proliferation of insecure Internet of Things (IoT) devices and the use of artificial intelligence (AI) by threat actors. The ICT sector, including Internet Service Providers (ISPs) and Cloud Service Providers, has been a primary target for these attacks.

Policy and Governance Frameworks

The Kenyan government has recognised the escalating cyber threats and launched the National Cybersecurity Strategy (2022-2027) as a roadmap to address these challenges. This strategy aims to create a trusted information environment in Kenya by establishing robust governance structures, strengthening policy and legal frameworks, and enhancing the protection of critical information infrastructure. The strategy also emphasises cultivating a skilled cybersecurity workforce and fostering international cooperation.

In October 2025, the government further released updated guidelines on password storage and cybersecurity as part of its broader National Cybersecurity Strategy 2025–2029. These guidelines recommend advanced techniques like hashing, salting, peppering, and key stretching to protect passwords, moving away from dangerous plain text storage.

Stakeholder Perspectives and Solutions

Cybersecurity experts and government agencies consistently advise users to upgrade their operating systems to newer, supported versions like Windows 11. For those unable to upgrade, Microsoft offers an Extended Security Updates (ESU) program, which provides critical security updates for Windows 10 for up to three years, albeit at a cost. The ESU program costs $61 (approximately KES 8,800) per device for the first year, doubling annually.

Alternatively, users can consider migrating to free, open-source operating systems like Linux, which can extend the lifespan of older hardware and offer enhanced privacy. The Communications Authority of Kenya (CA) and the National KE-CIRT/CC regularly issue advisories and recommendations to mitigate cyber risks, including keeping software updated, using strong passwords and multi-factor authentication, and hardening firewall configurations.

Unanswered Questions and Next Steps

While the risks are clear, the exact number of Kenyan individuals and organisations still relying on Windows 10 remains unknown. There is also uncertainty regarding the awareness levels among the general public about the impending end of support and the associated cybersecurity implications. The cost of the ESU program or upgrading to Windows 11 could be a barrier for many, particularly individuals and small businesses.

Kenyans are urged to take proactive steps to secure their digital environments before Monday, October 14, 2025. This includes checking their operating system version, exploring upgrade options, or enrolling in the ESU program if an upgrade is not immediately feasible. The government and cybersecurity organisations are expected to continue their efforts in public awareness campaigns and providing guidance on mitigating these evolving cyber threats.