Kenya has witnessed a sharp rise in cyberattacks in the first quarter of 2025, with experts raising fresh concerns over the country’s growing vulnerability in the digital space. The Communications Authority of Kenya (CA) revealed that cyber threats rose by over 200 percent within three months, reaching a total of 2.5 billion between January and March 2025.
The new report, released by the CA, compared data from the last quarter of 2024, which had recorded 840.9 million cyber threats. The jump marks one of the highest quarterly increases Kenya has ever recorded, as technology adoption continues to deepen across various sectors.
The biggest concern is the spike in system vulnerability threats. These threats climbed drastically from 752.4 million in the final quarter of 2024 to over 2.47 billion in the first quarter of 2025. According to the authority, this development indicates that many organisations in Kenya are operating with outdated systems or weak cybersecurity frameworks, making them easy targets for cybercriminals.
In the same period, web application attacks also increased. The report showed an 11.8 percent rise in these threats—from 4.54 million to 5.08 million. These kinds of attacks are usually aimed at digital platforms such as government websites, online banking apps, e-commerce stores, and educational portals. These platforms often hold sensitive information like customer data, financial records, and login credentials.
Interestingly, not all forms of cyberattacks went up. Distributed Denial of Service (DDoS) attacks dropped significantly, going from 15.1 million in the previous quarter to 4 million. Malware and brute-force attacks also saw a reduction. This suggests that cyber attackers may now be focusing more on exploiting internal vulnerabilities than launching large-scale network disruptions.
In response to the rising threats, the CA issued 13.2 million advisories to organisations and individuals across the country. These advisories represented a 14.2 percent increase from the previous quarter’s 11.6 million warnings. The alerts offered guidance on how to protect systems from known threats, such as installing antivirus software, enabling two-factor authentication, and updating all software regularly.
The CA said the advisory notices covered various threats including malware, brute-force logins, DDoS risks, and mobile application weaknesses. It added that cybersecurity awareness remains low among many users, making it easier for attackers to exploit common mistakes.
Meanwhile, Kenya’s ICT sector continues to grow, driven by increased mobile data usage, broadband subscriptions, and mobile money adoption. The authority’s report noted that the number of active mobile users has continued to rise, thanks to aggressive customer retention campaigns by telecom operators.
However, the same digital boom has come with new risks. As more Kenyans rely on mobile phones for financial transactions and social interactions, criminals are also targeting the platforms for fraud, identity theft, and ransom attacks.
The Central Bank of Kenya (CBK) recently expressed concern over the rising cyber threats in the financial sector. Reports indicate that some banks have started mandatory security training for staff and are now enforcing tighter authentication measures to prevent customer data breaches.
Experts in the industry are advising businesses to treat cybersecurity as a key part of their operations. They recommend investments in cyber insurance, automated threat detection, biometric security systems, and regular audits of IT systems. Cybersecurity experts are also pushing for better laws that require mandatory reporting of data breaches and regular certification of cloud service providers.
To tackle the rising risks, the Communications Authority is planning to organise a national cybersecurity summit later in the year. The event is expected to bring together players from the private sector, government, and civil society. The summit will focus on best practices, regulation, and funding models to strengthen cybersecurity.
The CA also advised ordinary Kenyans to play their part by taking basic digital precautions such as avoiding suspicious links, updating their mobile apps, and installing trusted antivirus software.
As Kenya pushes forward with its Digital Economy Blueprint, the increase in cyber threats is a strong reminder that digital growth must go hand-in-hand with security. Without serious action, the same platforms meant to drive economic progress could become the country’s weakest point.
