Within the last three months of 2025, Kenya’s cyber threats reached 4.6 billion, representing an astonishing 441.3 percent increase from the preceding quarter.
This was contained in the latest report released by the Communications Authority of Kenya, the regulatory body for the Information and Communication Technology (ICT) industry in the East African nation.
The report, titled ‘Second Quarter Sector Statistics Report for the Financial Year 2025/2026,’ covered the period between October 1, 2025, and December 31, 2025. Kenya’s financial year runs from July 1 to June 30, with the first quarter spanning July to September.
Drivers of the Surge in Cyber Threats
According to the report, the National Kenya Computer Incident Response Team/Coordination Centre (KE-CIRT/CC) detected 4.6 billion cyber threats, up from 0.8 billion recorded between July and September, the first quarter.
This surge in attacks was attributed to several factors, including inadequate system patching and insufficient user awareness of phishing and other social engineering threat vectors.
- According to a 2025 report by Tech.co, 98.4 percent of surveyed U.S.-based senior leaders cannot correctly identify a phishing scam. This is despite phishing accounting for 40 percent of total data breaches.
However, Kenya’s surge in cyber attacks was also driven by what the country’s Communications Authority described as the “exploitation of AI-driven and machine learning technologies by malicious actors.”
How Kenya’s 4.6 Billion Cyber Threats Occurred
Distributed Denial-of-Service (DDoS) attacks recorded the highest surge, rising from 4.8 million between July and September 2025 to 58.3 million between October and December 2025 — a 1,116.7 percent increase.
- DDoS attacks are malicious attempts to disrupt a server, service, or network’s normal traffic by overwhelming it with a flood of internet traffic from multiple compromised sources.
The rise of AI has also enabled its use in DDoS attacks. AI allows attackers to launch faster, more sophisticated, and harder-to-detect campaigns by automating reconnaissance, adapting attack vectors in real time, and mimicking legitimate human traffic.
- System vulnerabilities followed, increasing by 463.4 percent to 4.4 million cases.
- Mobile application attacks also saw a significant rise, increasing by 303.2 percent to 310,009 from the previous quarter.
Brute-force attacks rose by 127.4 percent to 42.6 million, while malware — which accounts for the highest number of cyber threats — increased by 123.9 percent to 70.9 million.
The Cost of Cyber Attacks in Kenya and Across Africa
The cost of cyber threats and attacks runs deep, with Africa reportedly losing $5 billion in 2025.
- According to TechMedia Africa, Kenya lost $230 million, equivalent to KES 29.9 billion, between April and June 2025.
- Kenya is not alone. In 2024, Nigerian financial institutions collectively lost N52.26 billion to fraud, up from N34.59 billion recorded in 2023.
In the first half of 2025, Access Bank lost N1.64 billion to cyber fraud. United Bank for Africa lost N288 million, while Guaranty Trust Bank recorded losses of N255 million.
How to Prevent Africa’s Soaring Cyber Threats
The Communications Authority of Kenya noted that it issued 21.8 million advisories, up from 20 million in the previous quarter.
However, as the report showed, this was not sufficient to curb the rise in cyber threats. To mitigate further risks, the Authority recommended the following measures:
- Implementation of multi-factor authentication
- Adoption of comprehensive password policies
- Proper configuration of network firewalls and antivirus software
In a recent report, TechMedia Africa also highlighted that using a single password across multiple platforms could expose bank users to significant financial losses.