NAIROBI, Kenya, Nov 27- It has emerged that despite the data protection law being in force for nearly 12 months, most Kenyans are unprepared to effect its regulations.
With Covid-19 pushing more organizations to adopt technology for their operations, public and private sector staff, contractors and executives are working away from their office premises to the extent that 2020 recorded the highest jump in cybersecurity attacks recorded by Cyber Security Consultancy Serianu since 2018.
These are some of the revelations contained in the latest Kenyan Edition of the annual Africa Cyber Security Report, regular documentation of threats, trends, and opportunities arising in cybersecurity produced by Serianu.
Speaking during the official launch of the 2020 report, Serianu Chief Operating Officer Joseph Mathenge said that two major developments had taken place in Kenya particularly and Africa generally over the past 19 months covered in the survey.
“The first one is a remarkable rise in the number of cybersecurity attacks that were detected, more than double from 23 million in 2019 to 51 million cases in 2020. Secondly, and even more crucially, is that over 90 percent of Kenyans surveyed have neither understood the new Data Protection Act and nor fully considered its impact,” said Mathenge.
According to the Serianu report, 95 percent of Kenyans are mostly ignorant about it, with less than half saying they were remotely aware of its existence.
This is even though over 70 percent of the organizations interviewed acknowledged collecting sensitive personal and corporate data in the normal course of their operations.
The report paints a picture of a lackluster public attitude towards the Data Protection Act of 2019, a situation that the Serianu say is reflected in the fact that since the law was enacted, over 70 percent of respondents have not taken any steps to preserve the data that they already possess.
“This may be because there has not been an enforcement regulator in place, with the appointment of the new Data Commissioner only recently concluded,” explained Mathenge adding that within most organizations they surveyed, there is a prevailing sense of misunderstanding of what constitutes data and the consequences of its mismanagement.
Kenya, he noted, is at a crucial turning point since there are multitude technologies that expose the general population’s personal information to potential misuse.
As a result, one of the major points of note in the report is that the new Data Protection Act calls for enhanced cybersecurity vigilance due to the rise of identity theft as a major form of fraud.
The report singles out medical records as particularly vulnerable, stating that health providers are expected to be under closer scrutiny by the new Data regulator due to the sensitivity of the information they keep.