Cyber Threats in Kenya Triple to 2.54 Billion in Just Three Months

Kenya’s cyber security space continues to experience massive threats, with the number of threats detected in Q3 of the 2024/2025 financial year increasing to 2.54 billion. 

This is according to the Third Quarter Sector Statistics Report for the Financial Year 2024/2025 (January-March 2025) released by the Communications Authority of Kenya (CA).

The report notes that this is a 201.7% increase from the previous quarter’s 840.9 million.

According to the report, system vulnerabilities accounted for the bulk of this increase, rising 228.3% to over 2.47 billion cases. These vulnerabilities are often exploited by cybercriminals to infiltrate networks, disrupt services, or steal sensitive data.

​​Although system vulnerabilities dominated the threat landscape, Kenya also recorded other forms of cyberattacks. Malware cases dropped by 27.6% to 24.5 million, while brute force attacks, which involve repeated attempts to guess passwords or encryption keys, declined slightly by 2.8% to 33.79 million incidents. 

Web application attacks also showed an upward trend, rising by 11.8% to 5.08 million cases, indicating growing risks to online platforms and services. Distributed Denial of Service (DDoS) attacks, which overwhelm systems to cause service disruptions, fell significantly by 75.6% to 3.67 million cases.

This comes at a time when Kenya is actively implementing its National Cyber Security Strategy 2022-2027, which outlines measures to counteract cyber threats. 

The five-year plan, launched by the Ministry of ICT and the Communications Authority, sets out a framework to strengthen the country’s cybersecurity posture by enhancing threat intelligence sharing, building national cyber capabilities, protecting critical infrastructure, and promoting a culture of cybersecurity awareness.

The strategy is grounded in five pillars: enhancing legal and regulatory frameworks, building capacity and public awareness, improving technical measures and cooperation, developing incident response capabilities, and establishing a governance structure for implementation. It also emphasises collaboration between government agencies, the private sector, academia, and international partners to create a resilient national cyberspace.

In response to the escalation of threats detected by CA, the National Kenya Computer Incident Response Team – Coordination Centre issued 13.23 million cyber advisories during the quarter, a 14.2% increase over the previous period.

These advisories targeted both individuals and institutions, urging heightened vigilance and adoption of protective measures. 

Experts warn that as Kenya’s digital economy matures, cybercriminals are taking notice and targeting businesses across the country, with significant financial consequences. 

According to Tony Anscombe, Chief Security Evangelist at global cybersecurity provider ESET, these threats aren’t isolated incidents – they represent a growing pattern of attacks against businesses who are unprepared to meet modern cybersecurity challenges.

Follow us on WhatsApp, Telegram, Twitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to editorial@techtrendsmedia.co.ke