Kenya reports three billion cyberattacks in three months with Nairobi leading in number of cases

Kenya experienced three billion cyberattacks targeting system vulnerabilities, cloud services and government institutions in the past three months, the National Computer and Cybercrime Coordination Committee (NC4) has revealed.

The committee, which supports the protection of the country’s digital infrastructure and coordinates cybercrime response, said the latest status report showed an increase in offences linked to digital payments, unauthorised access and interference with computer systems, identity theft, online harassment, fraud and false publication.

Nairobi recorded the highest number of cybercrime cases, with other incidents reported in Nyanza, Eastern, Rift Valley, Central, Coast and Western regions.

The report showed that most cyber offences reported in Nairobi involved intentionally withholding electronic payment delivered erroneously, unauthorised access to computer systems, computer fraud and cyber harassment.

Other offences recorded in the capital included identity theft and impersonation, as well as unauthorised interference with computer systems.

The committee said Nairobi continues to record the highest number of cybercrime cases due to the high levels of digital transactions, online activities and the concentration of public and private sector institutions.

While receiving the report, Interior Principal Secretary Raymond Omollo, who chairs the NC4, said the findings come at a time when Parliament approved the establishment of the National Cybersecurity Agency (NCSA).

Omollo said the agency would help the country improve coordination, protect critical information infrastructure and strengthen response to emerging cyber threats.

In the Nyanza region, cyber harassment was among the leading reported cybercrime offences. "Other cases involved identity theft and impersonation, unauthorised access to computer systems and unauthorised interference with computer systems," the Committee said.

The region also recorded cases of child pornography, fraudulent use of electronic data, possession of illegal devices and access codes, as well as intentionally withholding electronic messages delivered erroneously.

In the Eastern region, the leading cybercrime offences were computer fraud, cyber harassment and unauthorised access to a computer system with the intent to commit a further offence.

The Rift Valley region recorded a decline in computer fraud cases compared to the same period last year. However, the region reported an increase in cases involving intentionally withholding electronic messages delivered erroneously.

Other offences recorded in Rift Valley included computer fraud, cyber harassment, wrongful distribution of intimate images without consent and unauthorised access to a computer system with intent to commit a further offence.

In the Central region, cybercrime cases were spread across different categories, including child pornography, computer forgery, cyber harassment, identity theft and impersonation, and wrongful distribution of intimate images without consent.

The Coast region recorded cases of computer fraud and cyber harassment, while the Western region mainly reported cyber harassment and unauthorised interference with computer systems.

Following the findings, the committee resolved to engage critical sector players, including banking institutions, mobile network operators, aviation and energy sectors, to improve their proactive defences and cybersecurity capabilities.

NC4 said it is also developing a Rapid Reference Guide aimed at standardising and streamlining the investigation and prosecution of cybercrime cases in Kenya.