When One Password Brings a Business to a Halt: How Safaricom Is Rethinking Cyber Resilience

Frankline Okata, Ag. Chief Enterprise Business Officer, Safaricom PLC.

At seven o’clock on a normal workday morning, everything should be running on autopilot. Systems boot up. Orders appear on dashboards. Drivers collect their routes and roll out.

But on this particular morning, nothing works.

The production system refuses to load. Orders confirmed the night before have vanished. Emails bounce back. Drivers stand idle in the yard, unable to access their digital route sheets.

The problem does not start with a sophisticated hack. It begins with a familiar mistake — a single employee account compromised because the same password was reused across multiple platforms.

When Safaricom Business leaders share this scenario with executives, the reaction is often quiet and uncomfortable. Many admit the same thing: in the rush to scale, everyday digital risks are easy to overlook, until they bring everything to a standstill.

Across Kenya’s economy, the pattern repeats itself. Hospitals are struggling to protect patient records. SACCOs are under pressure to secure member data. Logistics firms depend on tightly synchronised systems, while retailers cannot afford even an hour of downtime.

Different sectors, same reality — digital transformation is moving fast, but security habits are lagging behind.

This growing gap is shaping Safaricom Business’ cybersecurity focus at a time when Kenya’s digital footprint is expanding rapidly. Cloud adoption, mobile-first services, connected devices and data-driven decision-making are now standard across industries. At the same time, cybercriminals are increasingly targeting critical infrastructure in finance, healthcare, energy, education and government.

The risks — and their cost — were a central theme at the 2025 Safaricom Cybersecurity Summit, held under the banner “Powering Progress. Securing Growth.” Participants agreed that cybersecurity can no longer be treated as an IT issue. It has become a business survival issue.

The timing is especially critical as the festive season approaches. Cybersecurity experts warn that attacks tend to spike during public holidays and weekends, sometimes by as much as 30 per cent globally, as organisations deal with higher online activity and reduced vigilance — particularly in financial services.

Safaricom Business says its starting point with enterprises is often simple awareness. Many organisations are unaware of how exposed they are due to outdated systems, weak access controls or misconfigured devices.

Through risk assessments, audits and penetration testing, businesses gain a clearer picture of where their biggest vulnerabilities lie.

Once risks are identified, the focus shifts to protection that fits day-to-day operations. This includes secure internet filtering, enterprise firewalls, email and application security, and endpoint protection for the laptops and mobile devices employees rely on daily. These measures address the most common incidents Safaricom sees locally, including credential theft and malware.

Yet technology alone is not enough. Human error remains one of the biggest entry points for attackers. Safaricom Business has placed growing emphasis on cybersecurity awareness training, helping employees — including senior executives — recognise threats and make safer decisions online.

When incidents do happen, response time matters. Safaricom’s Managed Security Operations Centre provides continuous monitoring, early alerts and response support, helping businesses contain threats before they escalate into prolonged outages. This capability is supported by global technology partners such as Fortinet, Cloudflare and NetScout, combined with Safaricom’s on-the-ground expertise.

Security, Safaricom says, must also be built into the foundations of growth. Its fibre, dedicated internet, SD-WAN and 5G connectivity services are designed with embedded security. For businesses moving to the cloud, secure hosting, backup and continuity services help reduce disruption. As IoT adoption grows across logistics, utilities, retail and agriculture, secure SIM management and monitoring aim to protect increasingly connected operations.

What sets Safaricom Business apart, the company argues, is its holistic view of cyber defence. Rather than protecting isolated systems, it focuses on the entire digital ecosystem — from connectivity and cloud to devices, applications, payments and IoT.

As Kenya’s digital economy continues to expand, the message from Safaricom Business is clear: growth without resilience is fragile. The organisations that invest in visibility, strong defences, informed teams and rapid response will be better placed to grow without interruption.

For Safaricom, the goal is not just to help businesses stay online, but to help them move forward with confidence — even when the unexpected happens.