NAIROBI, April 10 – Kenya recorded 4.6 billion cyber threat events in the three months to December 2025, marking its sharpest quarterly spike in at least three years, according to a report by the Communications Authority of Kenya (CA).
The figure represents a 441.3% jump from 842 million incidents in the previous quarter, underscoring the growing pressure on the country’s cybersecurity systems as digital activity expands.
Across categories, system vulnerabilities accounted for the bulk of incidents, rising 463.4% to 4.37 billion events with mobile application attacks also increasing significantly, climbing 303.2% over the same period.
Distributed Denial-of-Service (DDoS) attacks recorded the fastest growth, surging 1,116.7% quarter-on-quarter. These attacks, which disrupt websites and servers by flooding them with traffic, have become a key concern for regulators.
Asides the spike, response levels have lagged. Of the 21.8 million advisories issued during the period, only 1.34 million were linked to DDoS incidents, highlighting a gap between threat levels and mitigation efforts.
The CA attributed the rise partly to the increasing use of artificial intelligence tools by cybercriminals, alongside weak system patching and limited user awareness of online threats.
The latest figures continue an upward trend observed over the past year with over 2.54 billion cyber threats recorded in the first quarter of 2025, following earlier increases in 2024, indicating a sustained escalation.
The country’s growing digital economy adds to the urgency as the country lost an estimated $83 million to cybercrime in 2023, while its fintech sector is projected to handle up to $1.5 trillion in payments by 2030.
