AI-Powered cyberattacks surge in Kenya with 842 million threats logged

News · Tania Wanjiku · October 23, 2025

Kenya’s digital networks are experiencing growing pressure from cybercriminals using artificial intelligence to carry out more complex and targeted attacks, new figures from the Communications Authority of Kenya (CA) show.

Between July and September 2025, the country faced 842.3 million cyber threat detections, up from 657.8 million during the same period last year, reflecting a 28 per cent increase.

The Authority attributes the surge to increasingly sophisticated attacks aimed at both public and private networks, taking advantage of weak security measures and poor cyber practices.

Even though the total number of attacks was slightly lower than in the previous quarter, the overall cyber risk remains high due to unpatched systems, complacent users, and the rapid uptake of cloud technologies.

“The detected cyber threats can be attributed to several factors, including inadequate system patching, limited user awareness of threat vectors such as phishing and other social engineering techniques, as well as the growing adoption of AI-driven attacks and machine learning technologies by malicious actors,” the CA said in its latest report.

To combat the rising threat, the Authority has stepped up the issuance of cyber advisories targeting sectors that manage critical information infrastructure, including government bodies, banks, and telecommunications companies.

The goal is to prevent data leaks, service disruptions, and breaches of sensitive information.

System-based intrusions continued to dominate, making up 776.5 million cases, equivalent to 83 per cent of all recorded incidents. These attacks mainly targeted vital computer systems, exploited software vulnerabilities, and tricked users into providing unauthorised access to data.

The CA also highlighted that cloud misconfigurations, weak application interfaces, and default security setups remain major sources of exposure. “Misconfigurations in cloud services, APIs, and default settings continued to be a major factor in breaches and data exposure, as the speed of cloud adoption left many gaps in secure configuration hygiene,” the report stated.

Other attacks during the period included distributed denial-of-service (DDoS) incidents, malware campaigns, brute-force attacks, and breaches of web and mobile applications.

Ransomware operations were reported to have grown more complex, with criminals combining data encryption, theft, and extortion to target essential service providers and financial institutions.
