Kenya losing Sh29 Billion yearly as cyberattacks surge, Murkomen warns

Kenya is facing a growing cyber security challenge that is costing the country at least Sh29 billion every year, with government data showing it has become one of the most targeted nations in Africa for digital attacks.

Interior Cabinet Secretary Kipchumba Murkomen told Parliament that the country is now among the top four most targeted African states as cyber criminals increasingly exploit the rapid expansion of digital services, internet access and emerging technologies.

In documents submitted to the National Assembly Delegated Committee, Murkomen said the frequency and sophistication of cyber and ICT-related attacks continue to increase as more sectors shift operations online.

He attributed part of the challenge to Kenya's high level of internet activity, noting that citizens spend an average of five hours and 10 minutes on social media daily. The figure is more than twice the global average and reflects the country's growing dependence on digital platforms for communication, business and access to services.

According to the CS, the government's push to expand digital infrastructure has delivered major gains in connectivity but has also widened the country's exposure to cyber threats.

Since 2023, Kenya has installed more than 7,000 kilometres of fibre optic cable, while plans are underway to establish 25,000 public internet hotspots across the country to support innovation, youth empowerment and business growth.

Murkomen said the increased connectivity has created new opportunities for attackers, warning that Kenya now records more than 8.6 billion attempted intrusions targeting ICT infrastructure every year.

He said the threat is expected to grow further as state and non-state actors continue to develop more advanced methods of targeting vulnerable systems.

The CS cited several incidents that have affected public institutions and government services in recent years. They include the denial-of-service attack that disrupted eCitizen services in 2023, cyber disruptions linked to the 2024 Finance Bill demonstrations, defacement of government websites and data breaches involving the Kenya Bureau of Statistics in 2025, as well as a ransomware attack on the Kenya National Highways Authority in May 2026.

Murkomen cautioned that the actual scale of cybercrime may be much larger than official figures suggest because many successful attacks are never reported.

The ministry estimates that Kenya has between 23.4 million and 27.4 million active internet users. The country also records mobile penetration of 140 per cent and handles approximately 500 million mobile money transactions every day.

He said the combination of widespread internet use and heavy reliance on digital financial services has made cyber security a national priority.

To strengthen the country's defences, the Interior Ministry is seeking Sh4 billion to establish the National Cybersecurity Agency.

Murkomen said the agency will help bridge existing gaps in cyber governance and improve the country's ability to detect, prevent and respond to attacks.

The proposed funding will be used to establish a cybersecurity operations centre, develop policies, train personnel and acquire specialised software and tools needed to monitor and manage cyber threats.

He added that operational expenses are expected to reduce over time once the agency is fully established.

According to the CS, the National Cybersecurity Agency will enhance protection of critical infrastructure, improve public awareness on safe digital practices and strengthen Kenya's reputation as a reliable partner in the global digital economy.

Murkomen urged legislators to support the proposal, saying investment in cyber security has become necessary as the country deepens its digital transformation efforts.

He warned that failure to act quickly would leave government systems, businesses and citizens increasingly exposed to sophisticated cross-border cyber threats and mounting financial losses.