Securing Kenya’s Critical Information Systems: Insights from the National Cyber Risk Assessment

In a recent announcement made by Emmanuel Kata Kimeu, the secretary of information and communications technology (ICT) security and audit control at the Ministry of Information, Communications, and the Digital Economy in Kenya, concerning cybersecurity vulnerabilities, it was revealed that approximately 50 percent of critical information systems in the country are susceptible to a range of cyber threats, including hacking and data breaches. This revelation underscores the pressing need for concerted efforts to bolster cybersecurity measures across various sectors.


The growing digital landscape in Kenya has brought about unprecedented opportunities for economic growth and societal advancement. However, it has also exposed the nation to increasingly sophisticated cyber threats. Emmanuel Kata Kimeu emphasized this point during a press briefing held in Nairobi, where he highlighted the alarming vulnerability of critical information systems to cyber intrusions and attacks.

Quick Summary:

  • About 50 percent of critical information systems in Kenya are vulnerable to cyber threats.
  • The financial sector, mobile banking in particular, faces the highest risk of cybersecurity breaches.
  • Other high-risk sectors include telemedicine, e-learning, and transport navigation.

Assessing Cyber Risks

The unveiling of the National Cyber Risk Assessment report, a collaborative effort between the Communications Authority of Kenya and the National Computer and Cybercrimes Coordination Committee, sheds light on the extent of cyber risks facing the nation. This comprehensive assessment delineates a national risk framework, identifying key assets and resources within critical sectors that are potential targets for cybercriminals.

Understanding Vulnerabilities

According to Kimeu, the financial sector emerges as the primary target for cyber threats, owing to the exponential growth of mobile banking services. However, it is not the sole sector at risk. Information systems integral to telemedicine, e-learning platforms, and transportation navigation systems are also identified as high-priority targets for cyber intrusions.

Mitigating Cyber Risks

To address these vulnerabilities, Kenya is taking proactive measures to fortify its cyber defenses. One such initiative involves the development of a comprehensive risk treatment plan aimed at strengthening critical information systems. Key strategies include:

  • Capacity Building: Recognizing the shortage of cybersecurity professionals, Kenya plans to bolster its workforce by recruiting and training skilled experts dedicated to safeguarding information systems.
  • Enhanced Governance: Despite progress in cyber governance, there remains a need for further investments and structural enhancements across various sectors to ensure robust cyber resilience.

Combatting Threat Vectors

Jackson Makewa, the director of ICT and cybersecurity at the Ministry of Information, Communications, and the Digital Economy, underscored the prevalence of malware and ransomware as critical cyber threat vectors. In response, Kenya is implementing a multifaceted approach to counter these threats, which includes:

  • Information Sharing: Facilitating collaboration and information exchange among stakeholders to proactively identify and mitigate potential cyber threats.
  • Cyber Threat Intelligence: Leveraging advanced technologies and analytical capabilities to gather actionable intelligence on emerging cyber threats and vulnerabilities.
  • Vulnerability Disclosure: Encouraging responsible disclosure of security vulnerabilities by incentivizing ethical hackers and cybersecurity researchers to report potential weaknesses in information systems.


Please enter your comment!
Please enter your name here