Kenya’s ICT sector has experienced rapid growth, with mobile phone penetration now at 131% and active SIM subscriptions reaching 66.4 million in a population of approximately 49 million.
Mobile money subscriptions stand at 38 million, while internet penetration has climbed to 32.7% with 17.86 million active users. The government’s focus on expanding ICT adoption has driven significant progress in the digital economy.
The country’s increased internet use, widespread mobile phone and mobile money adoption, and the expansion of digital infrastructure have facilitated the digitization of government services.
Kenya has embraced social media, blockchain technology, and cloud-based services, which, while beneficial, have raised concerns about digital sovereignty and the regulation of local digital certification services.
The government has automated over 15,000 services through the eCitizen platform, enhancing business process automation, data sharing, and the digitization of records. Despite these advancements, cybersecurity remains a critical concern.
Read Also: Cybercrime: Energy and Water Sectors Hit Hard by Exploited Vulnerabilities
According to the newly released ICT Sector Working Group (SWG) report, the rapid evolution of ICTs has introduced a range of security challenges, with Kenya experiencing persistent cyberattacks from well-organized adversaries.
In the past seven years, Kenya has detected over 1.7 billion cyber threats, with more than 800 million attacks occurring in 2022 alone. Notable incidents include Distributed Denial of Service (DDoS) attacks on critical infrastructure, ransomware attacks, identity theft, and electronic fraud. These cyber threats have disrupted services, damaged institutional reputations, and posed risks to national stability.
To address these challenges, several recommendations have been proposed:
1. Develop a National Cybersecurity Policy under the Ministry of Information, Communications, and the Digital Economy.
2. Review the National ICT Policy 2019 to include social media management strategies.
3. Amend the Computer Misuse and Cybercrimes Act (CMCA) 2018 to establish a National Cyber Space Agency (NCSA), including a Cyber Space Academy (CSA) and a Cyber Space Centre of Excellence (CSCE).
4. Create a National Security Operations Centre (SOC), Sector SOCs, and Critical Information Infrastructure (CII) SOCs.
5. Amend the Kenya Information and Communications Act (KICA) to clarify cybersecurity responsibilities.
6. Revise the Data Protection Act (DPA) 2019 to improve registration and vetting of Data Controllers and Processors.
7. Designate the National Coordination Centre for Cybercrime (NC4) as the central authority for coordinating cybercrime investigations and security activities.
The recommendations also include administrative measures and a costed implementation plan to ensure effective execution.
