In just three months, between April and June 2025, Kenya lost approximately KES 29.9 billion (US$230 million) to cybercrime. This is according to a recent report titled “AI & the Cyber Frontier: Securing East Africa’s Digital Future”—developed by Smartcomply and TechCabal Insights.
The Global and Regional Disparity
The losses in Kenya are part of a sobering global trend. In 2025, the annual cost of global cybercrime was estimated at $10.5 trillion, a figure that rivals the GDP of the world’s largest economies. Despite the high cost of cybercrime, it is estimated that global cybersecurity spending will reach $1 trillion annually by 2031.
In the African context, the financial imbalance is even more pronounced:
- Total African Cybercrime Losses (2025): $5 billion.
- Total African Cybersecurity Expenditure (2025): $15.3 billion.
While East Africa’s digital platforms underpin financial inclusion, the “resilience gap”—the widening disparity between an organization’s cybersecurity prevention measures and its actual ability to withstand, recover from, and maintain operations during a cyberattack—remains acute.
Kenya’s Ground Reality: High Volume, Strong Defense
Kenya stands out as the region’s most digitally integrated economy, which also makes it the primary target. During the period under review, Kenya recorded more than 4.5 billion cyber threat events.
Despite this massive attack surface, Kenya has demonstrated significant operational resilience compared to its neighbors. While the country recorded 200,980 systems as its total attack surface, only 589 attacks were successful, representing a breach rate of just 0.3%.
In contrast, other nations in the region faced varying levels of success in their defenses:
- Tanzania suffered the highest breach rate, with 10,847 compromises out of 54,330 systems, an approximately 20% breach rate.
- Uganda saw 1,934 successful breaches from an attack surface of 27,250 systems, a rate of roughly 7%.
- Rwanda maintained a high defense level similar to Kenya, with only 39 breaches out of 13,460 systems, or approximately 0.3%.
Mitigating the Risk of Cybercrime
The report identifies an ‘execution gap’ where 74% of regional organizations rank cyber risk as a top priority, yet only 29% actually conduct tabletop exercises to simulate threats.
To mitigate these risks, experts argue that security must be built into the foundation of digital systems rather than added as an afterthought. Tim Theuri, CISO at M-PESA, emphasizes the human element of these digital failures:
“The cost of a cyber incident is measured in terms of damage to trust… and for SMEs in our markets, any interruption can translate into real human suffering.”
The report concludes that as East Africa’s infrastructure matures, cyber risk has evolved into a macroeconomic risk. Future stability will depend on whether defensive capabilities and response mechanisms can keep pace with the rapid scaling of digital systems.