In today’s rapidly digitizing economy, Kenya’s businesses, government agencies, and citizens are more interconnected than ever. While this transformation has unlocked tremendous opportunities, it has also exposed critical vulnerabilities. Cybercriminals—both local and international—are zeroing in on Kenyan targets with increasing frequency and sophistication. At Ligco Technologies, we believe in confronting these realities head-on. Below, we outline the recent surge in cybersecurity incidents within Kenya, share concrete examples of attacks, and discuss why organizations must take immediate, pragmatic steps to safeguard their digital assets.
1. The Evolving Threat Landscape in Kenya
Kenya has become a primary target for cyber adversaries in East Africa. According to data compiled by SOCRadar, 69.1% of all cyber threats in the region are directed exclusively at Kenyan entities, underscoring a worrisome trend that the country is perceived as a lucrative playground for attackers (socradar.io). From crippling Distributed Denial of Service (DDoS) attacks—numbering over 57,000 in 2024 alone—to relentless phishing campaigns, Kenyan organizations face a barrage of malicious activity that can disrupt operations, erode public trust, and inflict staggering financial losses (socradar.io). As digital services become the backbone of commerce and governance, being complacent is no longer an option.
2. Financial Sector Under Siege
2.1 Debit Card Fraud at Equity Bank (April 2024)
One of the earliest wake-up calls arrived in April 2024, when Equity Bank—Kenya’s largest lender—fell victim to a coordinated debit card fraud scheme. Hackers executed a “card-not-present” attack that siphoned off approximately KES 179.6 million (about $1.3 million) in just one week, transferring stolen funds into hundreds of bank and mobile money accounts (techcabal.com, eastleighvoice.co.ke). The Directorate of Criminal Investigations (DCI) swiftly arrested 19 suspects, but the breach exposed glaring control weaknesses within Equity’s internal systems and prompted an urgent call for tighter transaction monitoring and multi-factor authentication across banks (techcabal.com, eastleighvoice.co.ke).
3. Public Sector Faces Devastating Ransomware and Breach Alerts
3.1 Ransomware Strike on NSSF Kenya (May 2025)
Public institutions have not been spared. On May 19, 2025, the National Social Security Fund (NSSF) of Kenya was targeted by the “devman” ransomware gang, which claimed to have encrypted all networked devices and exfiltrated 2.5 terabytes of sensitive member data—valued at roughly $4.5 million—and threatened to publish it unless a ransom was paid (redpacketsecurity.com, toptechgh.com). Although NSSF officially denied that member records were compromised, the public outcry and subsequent media scrutiny underscored the organization’s lack of proper network segmentation, inadequate off-site backups, and insufficient endpoint detection capabilities (toptechgh.com).
3.2 Registrar of Companies Data Breach Alert (February 2025)
Earlier in February 2025, the Kenyan government issued an official cyber-security alert warning that the systems of the Registrar of Companies might have been compromised—a potential breach that could expose sensitive corporate registration data, including directors’ personal details and company financial filings (kenyanews.go.ke). Government officials convened press briefings, but nine months later, no comprehensive investigation report or remediation update has been made public. In a country where public trust hinges on data privacy, such opacity only fuels speculation and undermines confidence in governmental cyber defenses.
4. Capacity Building and Industry-Led Initiatives
4.1 Regulatory & Institutional Responses
Recognizing the escalation of cyber threats, Kenya’s Ministry of Information, Communications and the Digital Economy (ICDE), along with the National KE-CIRT/CC, initiated a capacity-building workshop from March 10–11, 2025 to strengthen cybercrime legislation, evidence handling, and inter-agency coordination (ca.go.ke). This workshop—part of Kenya’s broader effort to accede to the Budapest Convention on Cybercrime—brought together stakeholders from the Judiciary, the Office of the Data Protection Commissioner, and the Directorate of Criminal Investigations, highlighting that legislation, human capital development, and cross-sector collaboration are vital if Kenya is to fend off modern cyber adversaries.
4.2 Private Sector & International Collaboration
On May 14, 2025, Microsoft announced the ARC Initiative, a program aimed at bolstering cybersecurity readiness across Kenyan enterprises by offering cloud-based security tools, threat intelligence, and hands-on training (blogs.microsoft.com). While welcome, such initiatives must be matched by local organizations committing to adopt these tools—rather than sign up and leave them idle. Ligco Technologies applauds these collaborations but stresses that ad hoc training sessions alone will not suffice; continuous, organization-wide security hygiene—including regular red-teaming, automated patch management, and strict access controls—must be implemented immediately.
5. Why Kenyan Organizations Can No Longer Afford to Procrastinate
Skyrocketing Financial & Reputational Costs
The aggregate impact of the 2024–2025 Equity Bank episodes (≈$15 million+ lost) and the NSSF ransomware scare demonstrates that losses are not theoretical. Each incident inflicted multi-million-dollar damages, triggered regulatory fines, and inflicted severe reputational harm that lingers for years.
Regulatory Pressure & Legal Liability
Kenya’s Data Protection Act of 2019 mandates strict notification timelines and heavy penalties for personal data breaches. Organizations that are slow to respond, or not transparent about breaches, risk hefty fines and potential class-action litigation by affected customers.
Insider Threats Are Intensifying
As illustrated by the Equity Bank insider heist and M-PESA payroll fraud, attackers increasingly exploit privileged employees rather than relying solely on external hacking. Mitigating insider risk demands not only technical controls (e.g., privileged access management) but also robust HR policies, continuous monitoring, and clear channels for whistleblowing.
Public Trust Is Fragile
Government agencies, quasi-governmental entities, and private firms cannot afford to erode citizen trust. A single data breach at a regulatory body or financial institution can stall entire digital transformation projects, as stakeholders become wary of entrusting confidential information online.
6. Pragmatic Measures for Immediate Action
At Ligco Technologies, we advocate for an unvarnished, results-driven approach to cybersecurity. Below are concrete steps every organization in Kenya should adopt now:
Conduct a Comprehensive Cyber Risk Assessment
Map all critical digital assets—including customer databases, payment systems, and third-party integrations. Identify which systems hold Personally Identifiable Information (PII) or trade secrets and rank them by risk.
Implement Defense in Depth
Ensure network segmentation so that a breach in one department (e.g., payroll) cannot cascade through the rest of your infrastructure. Deploy Next-Generation Firewalls (NGFWs) and intrusion detection/prevention systems (IDS/IPS), and enforce granular privileged access controls.
Enforce Multi-Factor Authentication (MFA) and Zero Trust
All remote access points, administrative accounts, and critical business applications must have MFA enabled. Adopt a Zero Trust architecture, where no user or device is implicitly trusted, and continuous verification is required.
Regular Penetration Testing & Red Team Exercises
Hire independent third-party ethical hackers to simulate real-world attacks—both external and insider scenarios. Use their findings to patch vulnerabilities and to train your incident response team on detection and rapid containment.
Swift Patch Management & Software Updates
Many attacks (e.g., the 2024 Equity Bank heist) leverage unpatched software or unmonitored endpoints. Automate patch deployment for operating systems, firmware, and critical applications, and maintain an up-to-date asset inventory.
Employee Security Awareness & Insider Threat Programs
Conduct mandatory, role-based cybersecurity training at onboarding and quarterly refreshers. Use User and Entity Behavior Analytics (UEBA) tools to flag anomalous employee actions—such as excessive data exfiltration or irregular access patterns—before they can escalate into full-blown incidents.
Incident Response (IR) Plan & Tabletop Drills
Draft a formal IR playbook that details roles, communication channels, escalation procedures, and legal considerations. Run tabletop exercises bi-annually to test the plan under simulated crisis conditions.
Data Backup & Disaster Recovery (DR) Drills
The NSSF ransomware episode exposed glaring backup and recovery shortcomings. Maintain immutable, off-site backups, and schedule quarterly DR drills to ensure that critical systems can be restored within acceptable Recovery Time Objectives (RTOs).
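The UEBA point above (flagging excessive data egress or irregular access before it becomes an incident) boils down to comparing each user against their own baseline. The following is an added illustration written for this article, not a Ligco tool or any vendor's product: it builds a per-user baseline from the first few days of constructed access-log records and flags a later day whose outbound volume or login hour falls outside that baseline. The record format, thresholds and sample values are all assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records: (user, day, bytes_out, login_hour).
# Day 5 for "amina" is a deliberately planted anomaly: roughly 30x her
# usual egress, initiated at 02:00 instead of her normal morning window.
SAMPLE_LOG = [
    ("amina", 1, 12_000_000, 9), ("amina", 2, 15_000_000, 10),
    ("amina", 3, 11_000_000, 9), ("amina", 4, 14_000_000, 11),
    ("amina", 5, 480_000_000, 2),
    ("brian", 1, 50_000_000, 8), ("brian", 2, 55_000_000, 8),
    ("brian", 3, 52_000_000, 9), ("brian", 4, 49_000_000, 8),
    ("brian", 5, 58_000_000, 9),
]


def build_baselines(records, baseline_days):
    """Per-user median daily egress and usual login-hour range, computed
    only from the first `baseline_days` days so a reviewed day never
    contributes to the baseline it is judged against."""
    egress, hours = defaultdict(list), defaultdict(set)
    for user, day, nbytes, hour in records:
        if day <= baseline_days:
            egress[user].append(nbytes)
            hours[user].add(hour)
    return {u: (median(v), min(hours[u]), max(hours[u])) for u, v in egress.items()}


def flag_anomalies(records, baseline_days, volume_factor=5.0, hour_slack=1):
    """Return [(user, day, [reasons])] for days after the baseline window.
    Users with no baseline (e.g. new joiners) are skipped, not flagged."""
    baselines = build_baselines(records, baseline_days)
    findings = []
    for user, day, nbytes, hour in records:
        if day <= baseline_days or user not in baselines:
            continue
        med, first, last = baselines[user]
        reasons = []
        if med > 0 and nbytes / med >= volume_factor:
            reasons.append(f"egress {nbytes / med:.1f}x user median")
        if not (first - hour_slack <= hour <= last + hour_slack):
            reasons.append(f"login at {hour:02d}:00 outside usual {first:02d}-{last:02d}")
        if reasons:
            findings.append((user, day, reasons))
    return findings


if __name__ == "__main__":
    for user, day, reasons in flag_anomalies(SAMPLE_LOG, baseline_days=4):
        print(f"day {day} {user}: " + "; ".join(reasons))
```

A real deployment would draw the baseline from weeks rather than four days and route findings into the incident response playbook described in the next step, rather than only printing them.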
7. Conclusion: Security Is a Continuous Journey
Kenya’s cybersecurity environment is at a critical inflection point. Financial services, public institutions, and private enterprises alike are under siege from ever-more sophisticated threat actors. We have witnessed the real-world fallout of complacency: multi-million-dollar thefts, harmful ransomware outbreaks, and widespread regulatory scrutiny. Ligco Technologies urges all stakeholders—CEOs, IT heads, and board members—to adopt a no-excuses posture toward cybersecurity.
There is no “good enough.” The status quo has already proven to be insufficient. By combining advanced technical controls (e.g., Zero Trust, continuous monitoring) with robust governance, employee training, and incident preparedness, Kenyan organizations can start turning the tide—not only to protect their own interests, but also to nurture a safer, more resilient digital economy for everyone.
About Ligco Technologies
Ligco Technologies is a Nairobi-based cybersecurity and software engineering firm dedicated to strengthening the digital defenses of businesses in East Africa. Leveraging industry best practices, cutting-edge tools, and a team of seasoned experts, we deliver end-to-end security solutions—from penetration testing and managed threat detection to comprehensive incident response and compliance advisory. When you partner with Ligco Technologies, you get straight talk, practical strategies, and unwavering commitment to protecting what matters most.