
Kenya’s Cybersecurity Landscape Q2 2025-2026: Rising Threats & Strengthened Defences

February 13, 2026 • Joseph Kyule

Introduction

The latest quarterly report from Kenya’s National KE-CIRT/CC reveals a sharp escalation in cyber threats, alongside growing national efforts to build resilience through training, partnerships, and proactive advisories.

Key Findings: A Surge in Cyber Threats

4.5 billion cyber threat events were detected between October and December 2025, an alarming 441% increase from the previous quarter.

Ransomware, DDoS, and social engineering attacks were most prevalent, with threat actors increasingly using AI, automation, and extortion tactics.

Critical sectors like government, finance, telecoms, and academia remained prime targets.

Top Threat Vectors & Advisories

The National KE-CIRT/CC issued over 21.8 million advisories, a 9.3% rise from last quarter. Key threats included:

  1. Ransomware: Focused on data encryption + exfiltration, with advisories urging offline backups and zero-trust segmentation.
  2. DDoS Attacks: Short bursts aimed at disruption, with recommendations for AI-based traffic filtering.
  3. Social Engineering: More personalized, exploiting seasonal trends and mobile-centric approaches.
  4. System Misconfigurations: Exposed cloud services and poor access controls led to many breaches.
  5. Phishing & Mobile Attacks: Credential-harvesting and Android Debug Bridge (ADB) exploits saw significant increases.

Strategic Initiatives & Capacity Building

Kenya is not just reacting—it’s building capacity:

  1. 2025 Annual Cybersecurity Conference: Focused on building digital trust through coordinated response frameworks.
  2. Specialized Trainings: With UK support, programs covered proactive defense & threat analysis, national CIRT/CERT/CSOC ecosystem design, and OT/ICS security for industrial systems.
  3. NKCC Committee Meetings: Quarterly gatherings to share threat intel and strengthen public-private collaboration.

Looking Ahead

Next quarter will see a national information-sharing program to formalize threat intelligence exchange across sectors, aligning international best practices with Kenya’s legal and operational context.

Key Recommendations for Organizations

  1. Apply patches promptly and enforce MFA.
  2. Conduct regular configuration audits and security assessments.
  3. Invest in user awareness training and behavioral monitoring.
  4. Implement DDoS mitigation and AI-driven anomaly detection.

 

Report Cyber Incidents:

Email: incidents@ke-cirt.go.ke | Hotlines: +254 703 042700 | +254 730 172700 | Website: www.ke-cirt.go.ke

Stay vigilant, stay secure. Kenya’s digital resilience is a shared responsibility.

 

 
