Cyberattacks cost Kenya an estimated Ksh29.9 billion (US$230 million) in 2025 as the scale and sophistication of online crime continued to rise, according to a new industry report released by cybersecurity consultancy Serianu.
Africa-wide losses reached Ksh650 billion (US$5 billion), the firm said in its annual assessment, From Risk to Resilience: AI and the Future of Cyber Risk Management. The analysis, based on responses from 280 organisations, highlights an increase in the frequency, diversity and economic impact of cyber incidents across key sectors.
Payment fraud was the most common attack category, driven by real-time transfers, weak monitoring systems and social engineering, followed by online and email fraud, which accounted for 40 percent of reported incidents and 32 percent of total losses. Attackers increasingly used hybrid tactics — combining phishing, credential theft and ransomware — to target financial institutions and government systems.
Speaking at the launch, Secretary to the Cabinet Mercy Wanjau said the government was establishing a national Security Operations Centre to coordinate monitoring, analysis and incident response across ministries and state agencies.
“The SOC will allow faster detection of incidents, more efficient crisis communication and more consistent protection of citizen-facing services,” she said. “As we expand digital public services, safeguarding personal data remains our priority. Trust is the currency of the digital age.”
Serianu CEO William Makatiani said the report mapped sector exposure and loss patterns to underscore the importance of resilience from identity governance to visibility and recovery capability as a strategic economic safeguard.
He warned that while defences have improved, organisations are not investing fast enough to keep pace with criminals, noting that the rise of artificial intelligence is reshaping both cyberattacks and defensive strategies.
Marketplace scams, e-commerce manipulation, fake platform activity and supplier-invoice fraud remain widespread, while SIM-swap and mobile-money attacks persist despite tighter controls, the report said.
More Read
Cyber-attacks drive losses in Kenya to US$230m as Threats Intensify-Report
