Kenya recorded more than three billion cyber-attack attempts targeting government systems, digital infrastructure and cloud-based services in just three months.
This highlights the growing threat posed by cybercriminals as the country accelerates its digital transformation.
The alarming findings are contained in a new report by the National Computer and Cybercrime Coordination Committee (NC4), which warns that cyber threats are becoming increasingly sophisticated and widespread across the country.
According to the report, cybercriminals exploited vulnerabilities in various systems, resulting in a rise in offences linked to digital payments, identity theft, computer fraud, cyber harassment and unauthorized access to computer systems.
The report comes at a time when Kenya is rapidly expanding digital government services, online banking, mobile money platforms and e-commerce systems, making cybersecurity a critical national concern.
Presenting the report to the Ministry of Interior, NC4 noted that government institutions, cloud services and key sectors of the economy remain prime targets for cyber attackers seeking to steal data, disrupt services or commit financial fraud.
Keep Reading
The report identifies Nairobi as the country's cybercrime hotspot, recording the highest number of reported incidents.
Other regions with significant cybercrime cases include Nyanza, Eastern, Rift Valley, Central, Coast and Western regions.
According to NC4, Nairobi recorded high incidences of intentionally withholding electronic payments delivered in error, unauthorized access to computer systems, identity theft, impersonation, computer fraud and cyber harassment.
The committee attributed Nairobi's dominance in cybercrime statistics to its high concentration of public and private institutions, extensive internet connectivity and the large volume of digital financial transactions conducted daily.
In Nyanza, cyber harassment emerged as the most commonly reported offence.
Authorities also recorded cases involving identity theft, unauthorized access to computer systems, fraudulent use of electronic data and possession of illegal devices and access codes.
The region further reported incidents involving child pornography and the withholding of electronic messages delivered erroneously.
Meanwhile, the Eastern region registered significant cases of computer fraud, cyber harassment and unauthorized access to computer systems with the intention of committing further offences.
Although Rift Valley recorded a decline in computer fraud compared to the same period last year, authorities noted a rise in cases involving cyber harassment and the non-consensual distribution of intimate images.
The Central region reported offences including computer forgery, identity theft, impersonation, cyber harassment and child pornography, while Coast and Western regions recorded increasing cases of cyber harassment and unauthorized interference with computer systems.
Speaking while receiving the report, Principal Secretary for Internal Security and National Administration Raymond Omollo said the findings underscore the urgent need to strengthen Kenya's cybersecurity framework.
“The report comes at a pivotal moment following Parliament's approval of the National Cybersecurity Agency, which will be a great support to the country in enhancing coordination, protection of critical information infrastructure and response to evolving cyber threats,” said Omollo.
The establishment of the National Cybersecurity Agency is expected to strengthen coordination among government agencies and improve the country's ability to detect, prevent and respond to cyber threats.
NC4 said it plans to engage critical sectors, including banking, mobile network operators, aviation and energy providers, to strengthen cybersecurity systems and improve resilience against attacks.
The committee also disclosed that it is developing a Rapid Reference Guide to standardize investigations and streamline the prosecution of cybercrime cases.