Kenya has experienced a massive rise in cyberattacks, with a total of 2.5 billion threats recorded between January and March 2025. This marks a 201.7 percent increase compared to the 840.9 million threats detected in the final quarter of 2024. The new figures were released in the latest sector statistics report by the Communications Authority of Kenya (CA), which also highlighted growing vulnerability among Kenyan organisations and digital platforms.
According to the CA report, the sharp increase was largely caused by the rise in system vulnerability threats. These threats jumped from 752.4 million in late 2024 to over 2.47 billion in the first quarter of 2025. This surge has raised concerns among cybersecurity experts, especially as more Kenyan companies adopt digital systems for business operations.
Web application attacks also saw a noticeable rise, increasing by 11.8 percent. From 4.5 million threats in the last quarter of 2024, Kenya recorded 5.08 million web-based threats during the first three months of 2025. These attacks mostly target online platforms such as banking portals, e-commerce sites, and government websites that require users to input personal data.
In contrast, Distributed Denial of Service (DDoS) attacks — where hackers flood a website with traffic to make it crash — saw a major drop. The report shows a reduction from 15.1 million cases at the end of 2024 to only 4 million in early 2025. This decline suggests that some preventive measures may be working in curbing this type of cyber threat.
Similarly, the CA noted that malware attacks and brute-force attempts to crack passwords also dropped during this period. Despite this positive trend, the overall threat level remains high, with cybercriminals shifting focus to more advanced and targeted attack methods.
In response to the surge in threats, the Communications Authority issued 13.2 million security advisories to businesses and institutions across Kenya. This represents a 14.2 percent increase from the 11.6 million advisories issued in the previous quarter. The advisories included warnings and recommendations on how to respond to various cyberattack methods, such as malware, brute-force login attempts, DDoS, and mobile application vulnerabilities.
The CA advised companies to take cybersecurity seriously and invest in strong digital protection systems. Many Kenyan organisations, especially in financial services, retail, education, and healthcare, have been identified as high-risk targets due to their reliance on web-based platforms and data-driven operations.
The report also showed that the broader ICT sector in Kenya continues to grow steadily, even in the face of these threats. The CA noted that there was an increase in active mobile phone subscriptions, mobile money users, mobile data usage, and broadband subscriptions. This growth has been partly driven by effective customer retention strategies adopted by telecom operators and internet service providers.
However, experts warn that the growth in digital adoption must be matched with equal investment in cybersecurity. As more services go online, the potential for data breaches and system attacks also rises. They recommend that businesses adopt regular software updates, two-factor authentication, data encryption, staff training on phishing risks, and real-time threat monitoring tools.
The Communications Authority has assured the public that it will continue working with private sector players and government agencies to improve the country’s digital security environment. They added that the Authority’s National Cybersecurity Centre remains active in monitoring threats and issuing early warnings to prevent attacks before they cause serious damage.
Kenya’s digital economy is expanding quickly, with more citizens and businesses going online for services, shopping, and payments. But the increased cyber threats suggest that cybersecurity must now be seen as a critical part of national development.
