Cybercrime cost Kenyan companies Sh15 billion

NAIROBI: The annual cost of cybercrime to Kenyan companies is estimated at Sh15 billion (USD146 million), a new study shows.

The study looking into the state of cybercrime in the country also revealed that over 70 per cent of Kenyans' businesses are exposed to cybercrime attacks.

"70 per cent of Kenyan businesses are vulnerable to cybercrime yet most of them remain ignorant of these vulnerabilities," partly reads the report carried out by cyber security consulting firm Serianu.

According to Serianu Managing Director William Makatiani, nearly all internet devices in the country's cyberspace are vulnerable to attacks, exposing more companies and individuals to the risk of malicious insiders and cyber criminals.

.

Keep Reading business

•  SIB partners with CISI to elevate professional standards and enhance financial advisory skills among staff
•  Angola ICT Minister: Invest in space industry to ensure a connected, peaceful Africa
•  NCPB sets in motion plans to compensate farmers for fake fertiliser
•  Governors reject revenue Bill, demand Sh439.5 billion allocation
•  Firm linked to fake fertiliser calls for arrest of Linturi, NCPB boss Premium

Makatiani pointed out that on average most medium sized organisations with over 70 employees have at least two vulnerable computer servers and up to fifteen infected computers that were already hacked into by cybercriminals.

"The most vulnerable businesses and home owners are those that have installed low cost home routers, Closed Circuit Television Systems and public email servers on their networks," noted Makatiani Wednesday during the unveiling of the "The State of Cyber security in Kenya" report.

Makatiani advised those working with such systems in their homes and office networks to work with cyber security exports to ensure they are not exposed.

He added that companies need to raise their degree of vigilance with the IT teams to invest more time and resources in auditing their entire systems and establishing modalities to reduce breaching incidences.

The amount lost due to such crimes is based on Serianu's estimates from their 2015 cyber security study where the firm reviewed publicly and privately available data from individual industries. It also incorporated interviews with business leaders and IT security practitioners.

Makatiani however noted that it was much harder to establish the extent of financial losses by the public sector.

"Unlike many governments, Kenya has not established any mechanisms to track and calculate the losses made by public sector organisations to cybercrime," he explained.

The study shows that the public sector was most affected having lost about Sh5 billion per year, followed by financial services standing sector at Sh4 billion.

Manufacturing and industries lost Sh3 billion while telecommunications, media and technology and other sectors losses stood at Sh2 billion and Sh1 billion respectively.

The report warns that security breaches have become more sophisticated, with many involving attacks from staff.

It adds that as a result of the emerging complications, the system downtimes caused by cybercrime attacks are getting longer with the average number of days to detect an attacks in many organisations totaling to 120 days, more than doubles the days it took one year ago.

The study was carried out in partnership with PKF consulting and United States International university- Africa.