Nairobi leads as Kenya records 3 billion cyberattacks in three months
By Francis Muli, June 24, 2026Kenya experienced more than three billion cyberattacks targeting government systems, cloud services and critical digital infrastructure in the last three months, according to a new report by the National Computer and Cybercrime Coordination Committee (NC4).
The report, released on Wednesday, June 24, 2026, paints a worrying picture of a rapidly evolving cyber threat landscape, with offences ranging from computer fraud and identity theft to cyber harassment and unauthorised access to computer systems.
Nairobi emerged as the country’s cybercrime hotspot, recording the highest number of digital crime cases, followed by incidents reported in Nyanza, Eastern, Rift Valley, Central, Coast and Western regions.
The findings were presented to Principal Secretary for Internal Security and National Administration Dr Raymond Omollo, who chairs the NC4.
While receiving the report, Dr Omollo said the findings come at a crucial time following Parliament’s approval of the National Cybersecurity Agency (NCSA), which is expected to strengthen the country’s ability to protect critical information infrastructure and coordinate responses to emerging cyber threats.
According to the report, Nairobi accounted for the largest share of cybercrime cases due to its high volume of digital transactions and concentration of both public and private sector institutions. Common offences reported in the capital included intentionally withholding electronic payments delivered erroneously, unauthorised access to computer systems, computer fraud and cyber harassment. Cases of identity theft, impersonation and unauthorised interference with computer systems were also reported.
In Nyanza, cyber harassment topped the list of reported offences, alongside identity theft, impersonation, unauthorised access to computer systems and unauthorised interference with digital infrastructure. The region also recorded cases involving child pornography, fraudulent use of electronic data, possession of illegal devices and access codes, and withholding electronic messages delivered erroneously.
Eastern region reported high numbers of computer fraud cases, cyber harassment and unauthorised access to computer systems with the intent to commit further offences.
While Rift Valley recorded a decline in computer fraud compared to the previous year, the region experienced a notable increase in cases involving the intentional withholding of electronic messages delivered erroneously. Other offences reported included cyber harassment, wrongful distribution of intimate images without consent and unauthorised access to computer systems.
In Central Kenya, authorities recorded offences spanning child pornography, computer forgery, cyber harassment, identity theft, impersonation and the non-consensual distribution of intimate images.
At the Coast, computer fraud and cyber harassment were the most common offences, while Western Kenya reported high numbers of cyber harassment and unauthorised interference with computer systems.
In response to the growing threat, the committee resolved to engage key sectors including banking, telecommunications, aviation and energy to strengthen cyber defences and improve resilience against attacks.
The committee is also developing a Rapid Reference Guide aimed at standardising investigations and prosecutions of cybercrime cases across the country.
The briefing was attended by NC4 Director Dr James Kimuyu, Data Protection Commissioner Immaculate Kassait and representatives from the Ministry of Information, Communications and the Digital Economy, the Communications Authority of Kenya, the Directorate of Criminal Investigations, Kenya Defence Forces, National Intelligence Service, Central Bank of Kenya, the Office of the Director of Public Prosecutions and eCitizen.
The report highlights the increasing risks facing Kenya’s digital economy as businesses, government services and financial transactions become increasingly reliant on technology, underscoring the need for stronger cybersecurity measures and public awareness.