Panic As Rise In Attacks And Losses From Cybercrime Hits Ksh 29.9 Billion

Serianu has released the 2025 cybersecurity industry report. The document, an analysis of responses from 280 respondents, shows that the degree, diversity, and intensity of cyberattacks rose consistently over the past year to reach Kshs 29.9 billion (USD 0.23 bn) in Kenya alone. According to the report, Africa-wide losses amounted to Ksh 650 billion (USD 5bn).

Themed From Risk to Resilience: AI and the Future of Cyber Risk Management, the new report is a data-driven analysis of the most prevalent threat scenarios and loss scenarios, highlighting the most affected sectors and the attack types that generate the highest economic impact.

It shows that payment fraud was the most frequent category, fueled by real-time transfers, weak transaction monitoring, and social engineering. This was closely followed by online and email fraud, representing 40% of total incidents and 32 % of total losses. The report points out that cyber attackers increasingly combine phishing, credential theft, and ransomware into hybrid operations targeting financial and governmental ecosystems.

Speaking during the official launch of the report, Hon. Mercy Wanjau, Secretary to the Cabinet, announced that the Kenyan Government is working to build a Government Security Operations Centre.

“This security operations centre (SOC) will bring together monitoring, analysis, and response across ministries, departments, and agencies. It will enable faster detection of incidents, more efficient communication during crises, and more consistent protection of citizen-facing services. The aim is to strengthen national coordination and ensure that government systems are defended as one,” she stated.

Hon. Wanjau added that as Kenya expands its digital public services to cover healthcare, education, taxation, and identity management, the onus to protect personal data remains the government’s priority.

“Citizens must know their information is secure, calling for the need to embed privacy-by-design in every new system and strengthen our ability to detect and respond to any breach. Trust is the currency of the digital age, and we must earn that trust every day”, she added.

In his remarks, Serianu Chief Executive Officer William Makatiani explained that the firm had outlined incident proportions and loss magnitudes and sector exposure trends in the report to emphasize a central insight: investing in resilience through stronger identity governance, visibility, and recovery capability reduces both the likelihood and severity of cyber losses, making it a strategic economic priority for organizations and national ecosystems.

He stated that while there had been immense progress, the rate at which organizations were investing in protecting themselves from cyber criminals, the use of Artificial Intelligence had emerged as a central countermeasure that requires a rethink.

As a result, marketplace scams, e-commerce manipulation, and fake platform activity continue to grow. Supplier-invoice redirection and impersonation schemes are widespread. SIM-swap and mobile-money fraud persist despite stronger controls.

Read Also: New Sophos–Microsoft Copilot Integration Democratizes Advanced Cyber Threat Intelligence for Organizations of All Sizes