NAIROBI, Kenya, Nov 27 – Payment fraud is now the most common cybercrime in Kenya, driven by real-time money transfers, weak monitoring systems, and rising social-engineering attacks, the 2025 Serianu Cybersecurity Report shows.
Online and email fraud ranked second, accounting for 40 percent of reported incidents and 32 percent of losses, underscoring mounting cyber-risk pressures across enterprises and government agencies.
Kenya recorded Sh29.9 billion (USD 0.23 billion) in cybercrime losses this year, while Africa-wide losses surged to Sh650 billion (USD 5 billion), reflecting increasingly sophisticated attacks.
The report — From Risk to Resilience: AI and the Future of Cyber Risk Management — surveyed 280 organizations and identifies dominant threat patterns, sector exposures, and the economic scale of emerging digital risks.
During the launch, Secretary to the Cabinet Mercy Wanjau said the government is setting up a centralized Government Security Operations Centre to strengthen national cyber readiness.
“This SOC will bring together monitoring, analysis, and response across ministries, departments, and agencies, enabling faster detection and more consistent protection of citizen-facing services,” she said.
“Trust is the currency of the digital age, and we must earn that trust every day.”
Serianu CEO William Makatiani said that although cybersecurity spending has improved, building resilience remains a strategic priority.
He noted that stronger identity governance, better visibility, and enhanced recovery capabilities can significantly lower cyber losses, especially as artificial intelligence accelerates both defensive tools and attack methods.
Makatiani added that marketplace scams, e-commerce manipulation, impersonation schemes, SIM-swap attacks, and mobile money fraud continue to pose major risks despite enhanced controls.
