A dangerous silence has descended over Kenya’s corporate landscape. Behind the closed doors of boardrooms and server rooms, a digital pandemic is bleeding the economy, aided and abetted by a culture of fear that prefers to pay the ransom rather than admit the breach.

A damning new report by cybersecurity giant ESET has ripped the veil off this hidden crisis. [...](asc_slot://start-slot-3)The findings reveal that while global ransomware attacks have surged by a terrifying 40 percent in the second half of 2025, Kenyan victims are increasingly choosing to suffer in silence. This lack of reporting is creating a statistical mirage, making the country appear safer than it actually is while leaving it defenseless against the next wave of attacks.

The Price of Reputation

"Ransomware incidents in Kenya are often handled quietly," explains Allan Juma, ESET’s Lead Cyber Security Engineer. [...](asc_slot://start-slot-5)"This results in fewer public disclosures and makes it difficult to quantify the full extent of ransomware activity in the country." The motivation is clear: fear of reputational damage, regulatory fines, and loss of customer trust. But this secrecy comes at a steep national cost.

By hiding these attacks, Kenyan companies are denying the ecosystem the critical intelligence needed to build defenses. The "culture of silence" means that the same attack vectors—whether it be phishing emails or unpatched vulnerabilities—can be used repeatedly by syndicates like Akira and Qilin to target multiple organizations without warning.

• The Deepfake Threat: It is not just ransomware. The report highlights a disturbing rise in AI-powered fraud, specifically deepfake videos used to impersonate CEOs and government officials. [...](asc_slot://start-slot-7)These sophisticated scams are bypassing traditional security checks, leading to massive financial losses.
• The Nomani Trap: The report also flags the "Nomani" investment scam, an HTML-based fraud scheme that has grown by 62 percent globally. Kenyan investors, lured by promises of quick returns, are falling victim to these high-quality, AI-generated phishing sites in record numbers.

A Call to Action

The warning from ESET is stark: obscurity is not security. As long as Kenyan businesses treat cyberattacks as a shameful secret rather than a crime to be reported, the attackers will hold the upper hand. The country is fighting a 21st-century war with a mindset from the 1990s.

Experts are now calling for mandatory reporting laws similar to those in the EU, forcing companies to disclose breaches. [...](asc_slot://start-slot-9)Until then, the true scale of Kenya's cyber crisis will remain a terrifying unknown, measured not in police reports, but in the quiet, crippling transfer of billions of shillings to faceless extortionists.