Kenya experienced more than three billion cyberattacks over the past three months, targeting system vulnerabilities, cloud services and government institutions, according to a new report released by the National Computer and Cybercrime Coordination Committee (NC4).
The committee warned that the country is facing an increasingly complex cyber threat landscape, with a rise in offences linked to digital payments, unauthorized access to computer systems, identity theft, online harassment, fraud and false publication.
The findings were presented to Principal Secretary for Internal Security and National Administration Dr. Raymond Omollo, who chairs the NC4.
The committee said the report comes at a critical time following Parliament's approval of the National Cybersecurity Agency (NCSA), which is expected to strengthen the country's ability to coordinate responses to cyber threats and protect critical information infrastructure.
“Kenya experienced 3 billion cyberattacks targeting different sector system vulnerabilities, cloud services and government institutions in the past three months,” the report states.
According to the report, Nairobi recorded the highest number of cybercrime cases in the country, reflecting its status as the center of digital transactions and the concentration of both public and private sector institutions. Other cases were reported across Nyanza, Eastern, Rift Valley, Central, Coast and Western regions.
In Nairobi, the most common offences included withholding electronic payments delivered in error, unauthorized access to computer systems, computer fraud and cyber harassment.
Authorities also recorded cases involving identity theft, impersonation and unlawful interference with computer systems.
Nyanza region reported a high number of cyber harassment cases, alongside offences such as identity theft, impersonation, unauthorized access to computer systems and illegal interference with digital infrastructure.
The region also registered cases involving child pornography, fraudulent use of electronic data and possession of illegal devices and access codes.
In Eastern Kenya, computer fraud, cyber harassment and unauthorized access to computer systems with intent to commit further offences were the dominant crimes reported.
The Rift Valley region recorded a decline in computer fraud cases compared to the previous year, although authorities noted a significant increase in incidents involving the withholding of electronic messages delivered erroneously.
Cases of cyber harassment, non-consensual distribution of intimate images and unauthorized access to computer systems were also reported.
Meanwhile, Central Kenya recorded a broad range of offences, including child pornography, computer forgery, cyber harassment, identity theft and the wrongful distribution of intimate images without consent. At the Coast, computer fraud and cyber harassment were the most common offences, while cyber harassment and unauthorized interference with computer systems dominated cases reported in Western Kenya.
In response to the growing threat, the NC4 resolved to engage key sectors including banking, mobile network operators, aviation and energy providers to strengthen cybersecurity defenses and improve resilience against attacks.
The committee is also developing a Rapid Reference Guide aimed at standardizing and streamlining the investigation and prosecution of cybercrime cases across the country.
The briefing was attended by NC4 Director Dr. James Kimuyu, Data Protection Commissioner Immaculate Kassait and representatives from several agencies, including the Ministry of Information, Communications and the Digital Economy, the Communications Authority of Kenya, the Directorate of Criminal Investigations, the Kenya Defence Forces, the National Intelligence Service, the Central Bank of Kenya, the Office of the Director of Public Prosecutions and eCitizen.
The report underscores the growing importance of cybersecurity as Kenya continues to expand its digital economy and government services online, exposing institutions and citizens to increasingly sophisticated cyber threats.