Cybercrime costs Kenya Sh10 billion, second highest in Africa in 2023

Kenya lost Sh10.71 billion ($83 million) to cybercrime in 2023, according to a report from the Communications Authority of Kenya (CA).

Businesses and government agencies affected by cyber-attacks had to spend an average of Sh561 million ($4.35 million) on restoring their services.

The report indicates that Kenya's cybercrime losses were the second highest in Africa, trailing only Nigeria, which suffered losses of Sh232.2 billion ($1.8 billion).

Uganda faced losses of Sh8.6 billion ($67 million), while Botswana and Lesotho reported losses of Sh5 billion ($39 million) and Sh296.7 million ($2.3 million), respectively.

Data from the National Kenya Computer Incident Response Team Coordination Centre (KE-CIRT/CC) revealed a worrying trend where attackers are increasingly targeting national assets and financial institutions.

CA Director-General David Mugonyi noted that the financial services, government, fintech, hospitality, education, telecommunication, and manufacturing sectors were the most impacted by cyber incidents and losses.

Insider threats, online fraud

Despite efforts to counter external threats, insider threats and online fraud have emerged as the leading dangers. Between April and June 2024, KE-CIRT detected 1.1 billion cyber threats aimed at Kenyan assets.

"The average data breach in Kenya in 2023 was $4.35 million (Sh561 million)," Mugonyi stated, highlighting the scale of the challenge.

He emphasised the need for localised solutions to tackle cyber threats unique to Kenya, such as cyberespionage and cyberterrorism, which may not be effectively addressed by global frameworks.

Last month, Interior and National Administration Principal Secretary Raymond Omollo said that cyber threats pose a great danger to Kenya's national security.

Omollo said these threats also pose risks to all sectors, as well as the critical information infrastructure.

The PS insisted that this is particularly worrying to the government and the private sector, who rely heavily on information, communication and technology for service delivery.

"Cybersecurity threats come from many sources including state-sponsored actors, hackers, intruders, and individuals who misuse their skills for malicious purposes," Omollo said.

"The danger they pose is real, and cyberattacks on our Critical Information Infrastructures could jeopardise our national security, public safety, and economic stability."