Kenya has launched a KSh454 million (€3 million) European Union–funded cybersecurity programme amid rising cyberattacks that have exposed vulnerabilities in government digital systems and inflicted billions of shillings in economic losses.
- •The Kenya Cyber Resilience (KCR) Project, running for 36 months, seeks to strengthen the country’s legal, institutional and operational cyber defences at a time when the state’s rapid digitisation has increasingly outpaced its security safeguards.
- •The launch comes less than a year after dozens of government websites were knocked offline and defaced in a coordinated cyberattack, one of the most severe breaches of Kenya’s public digital infrastructure to date.
- •Kenya’s digital state now relies heavily on online platforms for e-government services, digital payments, identity systems and citizen-facing portals.
“This project was developed through extensive consultations to ensure it responds to real institutional needs and priorities,” Principal Secretary for ICT and the Digital Economy Eng. John Tanui said.
The programme is structured around three pillars: strengthening legal, regulatory and institutional frameworks; enhancing operational capacity for cyber incident prevention and response; and promoting cybersecurity awareness, inclusion and trust.
“Cyber resilience is not a tech problem, it is a national priority,” Broadcasting and Telecommunications PS Stephen Isaboke added. “It is the prerequisite for our economic growth and the guardian of our democratic values.”
Rising costs, smarter attackers
According to the Africa Cybersecurity Report 2025 by Serianu, the country recorded cyber-related losses of KSh29.9 billion last year as attacks increased in frequency, sophistication and financial impact.
Online and email fraud accounted for 40% of all incidents and 32% of total losses, highlighting persistent weaknesses in identity management and user awareness. Threat actors are also increasingly deploying AI-enabled attack campaigns, combining phishing, credential theft and ransomware across financial institutions and public-sector systems.
Key platforms affected in the most recent attack included State House, the Ministries of Interior, Health, Education, ICT and Labour, the Directorate of Criminal Investigations, Immigration, the Hustler Fund portal and Nairobi County systems.
Visitors to the compromised sites were greeted with white supremacist and neo-Nazi propaganda, raising concerns not only about technical weaknesses but also about the reputational, diplomatic and national security implications of cyber intrusions.
These trends have placed Kenya’s public institutions under pressure as digital services expand without commensurate investment in coordinated cyber defence.
Funded by the European Union and implemented by Expertise France, in partnership with the Estonian Centre for International Development (ESTDEV), the KCR project is designed to support Kenya in building a more coherent national cybersecurity ecosystem.
