Cybercrime shadows Kenya’s mobile money revolution

The same digital rails that have proven vital in driving Kenya’s financial inclusion are now creating more attack avenues for hawk-eyed cybercriminals, who are tapping emerging technologies to cause harm.
The rapid uptake of mobile money systems across Kenya is powering financial inclusion like never before, but this digital transition is also grappling with a fast-rising issue that threatens to wipe out its gains—cybercrime.
An analysis of industry reports for the three months to March shows that Kenya recorded over 2.5 billion cyber threats, reflecting a 201.7 percent surge from the previous quarter’s 840.9 million cases, according to the National Kenya Computer Incident Response Team Coordination Centre (KE-CIRT/CC).
The strong increase in threats coincides with an equally sharp uptick in the usage of mobile money platforms, which have evolved to become the drivers of government business as well as the country’s informal and formal economies.
Latest data from the Communications Authority of Kenya. (CA) shows that mobile money subscriptions increased by 7.3 percent to 45.4 million users between January and March 2025 — translating to a strong penetration rate of 86.6 percent.
At the moment, services such as Safaricom PLC’s M-PESA, Airtel Money, and Equitel are now at the core of day-to-day transactions for individuals in remote villages to industry captains in corporate boardrooms in the cities, powering everything from cashless trade and savings to micro-loans and insurance.
However, the same digital rails that have proven vital in driving Kenya’s financial inclusion are now creating more attack avenues for hawk-eyed cybercriminals, who are tapping emerging technologies to cause harm.
Increase in use of artificial intelligence (AI)
“The increase in detected cyber threats can be attributed to the increase in use of artificial intelligence (AI) and machine learning (ML) technologies, inadequate patching of information systems, low levels of awareness about different threat vectors such as phishing and other types of social engineering attacks, hacktivism, among others,” KE-CIRT/CC report explains.
The bulk of the attacks were aimed at the ICT sector — targeting vulnerable database servers, operating systems, and user credentials held by ISPs and cloud service providers.
Additionally, the analysis shows that system vulnerabilities also went up by a jaw dropping 228.3 percent, even as brute-force and malware forms of cyberattacks declined slightly.
Alarmingly, as SIM card subscriptions hit 76.2 million and smartphone connections rose to 42.3 million, many new users — particularly in rural areas — are adopting digital financial services albeit with inadequate digital literacy. This leaves them exposed and, therefore, vulnerable to phishing scams, allure of fake mobile apps, victims of SIM swap fraud, and other sophisticated cyberattacks.
Meanwhile, mobile money agents grew to over 417,000, further expanding the reach of digital payments — and, ironically, the potential reach of cybercriminals.
This digital paradox is clear: Kenya’s impressive mobile penetration (143 percent) is both a story of empowerment and exposure. Online crimes nearly doubled to 3.5 billion incidents in 2024, raising serious questions about data privacy, system security, and user awareness.
Even digital identity is under strain. While corporate domain (CO.KE) registrations rose modestly, personal domains (ME.KE) dipped by 89.5 percent, a shift analysts attribute to growing individual privacy concerns.
As Kenya positions itself as a tech leader in Africa, experts warn that digital growth without cyber resilience is unsustainable. “Financial inclusion without cybersecurity is a ticking time bomb,” the report warns.
The CA is now calling for stronger investment in secure infrastructure, affordable smart devices, and digital hygiene campaigns. It’s also urging collaboration between telcos, regulators, and financial institutions to ensure Kenya’s digital economy remains not only accessible — but safe.