Kenya has unveiled a KSh454 million (€3 million) cybersecurity programme backed by the European Union, aiming to fortify government digital systems amid a rise in cyberattacks that have exposed vulnerabilities and caused billions of shillings in losses.
The Kenya Cyber Resilience (KCR) Project, set to run for 36 months, is designed to strengthen the country’s legal, institutional, and operational cybersecurity capacity. Its launch comes less than a year after a major coordinated attack disrupted and defaced numerous government websites—one of the most serious breaches in Kenya’s public digital infrastructure to date.
Kenya’s increasingly digital state depends on online platforms for e-government services, digital payments, identity management, and citizen-facing portals. “This project was developed through extensive consultations to ensure it meets real institutional needs and priorities,” said Principal Secretary for ICT and the Digital Economy, Eng. John Tanui.
The programme focuses on three main pillars: enhancing legal, regulatory, and institutional frameworks; improving operational capacity for preventing and responding to cyber incidents; and promoting cybersecurity awareness, inclusion, and trust.
Also Read: Trading at Market Speed with I&M Bank’s FX Direct
“Cyber resilience is not just a technical issue; it is a national priority,” added Broadcasting and Telecommunications PS Stephen Isaboke. “It is fundamental to our economic growth and the protection of democratic values.”
Rising Threats and Costs
The Africa Cybersecurity Report 2025 by Serianu noted that Kenya suffered KSh29.9 billion in cyber-related losses last year, as attacks became more frequent, sophisticated, and costly. Online and email fraud made up 40% of incidents and 32% of total losses, revealing ongoing weaknesses in identity management and user awareness. Attackers are increasingly using AI-enabled campaigns combining phishing, credential theft, and ransomware targeting both financial institutions and public-sector systems.
Recent attacks affected high-profile platforms, including State House, ministries such as Interior, Health, Education, ICT, Labour, the Directorate of Criminal Investigations, Immigration, the Hustler Fund portal, and Nairobi County systems. Compromised websites displayed white supremacist and neo-Nazi propaganda, highlighting not only technical vulnerabilities but also reputational, diplomatic, and national security risks.
With digital services expanding faster than coordinated cybersecurity measures, public institutions face mounting pressure. Funded by the European Union and implemented by Expertise France in partnership with the Estonian Centre for International Development (ESTDEV), the KCR project aims to help Kenya establish a more integrated national cybersecurity ecosystem.
