Kenya recorded 3 billion cyberattack attempts in three months, NC4 says

Kenya experienced more than three billion cyberattack attempts targeting system vulnerabilities, cloud services, and government institutions over the past three months, according to the latest report by the National Computer and Cybercrime Coordination Committee (NC4).

The report highlights a growing trend in cyber-related offences, including digital payment fraud, unauthorized access and interference with computer systems, identity theft, online harassment, fraud, and false publication.

Speaking while receiving the report, Principal Secretary for Internal Security and National Administration Dr. Raymond Omollo, who chairs the NC4, said the findings come at a critical time following Parliament’s approval of the National Cybersecurity Agency (NCSA).

Dr. Omollo noted that the new agency will strengthen national coordination, enhance the protection of critical information infrastructure, and improve the country’s response to emerging cyber threats.

According to the report, Nairobi recorded the highest number of cybercrime cases, followed by incidents reported in Nyanza, Eastern, Rift Valley, Central, Coast, and Western regions.

In Nairobi, the most common offences included intentionally withholding electronic payments delivered erroneously, unauthorized access to computer systems, computer fraud, and cyber harassment. Other reported crimes involved identity theft, impersonation, and unauthorized interference with computer systems.

The report attributes Nairobi’s position as the country’s cybercrime hotspot to its high concentration of digital transactions, online activity, and major public and private sector institutions.

In Nyanza, cyber harassment accounted for the majority of reported cases. The region also recorded incidents of identity theft and impersonation, unauthorized access and interference with computer systems, child pornography, fraudulent use of electronic data, possession of illegal devices and access codes, and intentional withholding of electronic messages delivered in error.

Eastern region reported high incidences of computer fraud, cyber harassment, and unauthorized access to computer systems with intent to commit further offences.

While Rift Valley recorded a decline in computer fraud cases compared to the same period last year, authorities noted a significant increase in incidents involving the intentional withholding of electronic messages delivered erroneously. Other offences reported in the region included cyber harassment, wrongful distribution of intimate images without consent, and unauthorized access to computer systems for criminal purposes.

In the Central region, cybercrime cases were spread across several categories, including child pornography, computer forgery, cyber harassment, identity theft and impersonation, and the non-consensual distribution of intimate images.

The Coast region mainly recorded cases of computer fraud and cyber harassment, while Western region reported high numbers of cyber harassment incidents and unauthorized interference with computer systems.

To address the growing threat, the NC4 resolved to enhance engagement with critical sectors such as banking, telecommunications, aviation, and energy to strengthen proactive cyber defenses and cybersecurity capabilities.

The committee is also developing a Rapid Reference Guide aimed at standardizing and streamlining the investigation and prosecution of cybercrime cases in Kenya.

The briefing was attended by NC4 Director Dr. James Kimuyu, Data Protection Commissioner Immaculate Kassait, and representatives from the Ministry of Information, Communications and the Digital Economy, the Communications Authority of Kenya, the Directorate of Criminal Investigations, the Kenya Defence Forces, the National Intelligence Service, the Central Bank of Kenya, the Office of the Director of Public Prosecutions, and eCitizen.