The Communications Authority of Kenya (CA) reports that internet use in the country reached a new peak of 70 million mobile data subscriptions in the first quarter of 2025, showing a slight but steady increase from 68.9 million in the previous quarter.
This growth stems from the growing demand for high-speed connection and the availability of more affordable smartphones in Kenya and across Africa. More people now own modern devices that support faster internet, allowing them to do more online — like streaming, remote working, or mobile banking. In addition, this has opened up new opportunities for businesses to improve their services and embrace digital solutions.
However, these benefits do not come without drawbacks. Kenya’s rapid digital transformation over the past few years has also exposed the country to heightened cybersecurity risks. With the country’s growing reliance on online platforms, specifically in banking and financial services, its digital infrastructure is becoming increasingly vulnerable to cyberattacks.
In fact, another report by the CA revealed the country lost approximately KES 10.8 billion (about $83 million) to cybercrime in 2023 alone, the second highest in Africa. This indicates the need to enhance the finance sector’s cybersecurity to protect individuals and businesses in the country – and they must do it fast.
In this guide, you will learn about the current threats and risks in Kenyan banking and how modern tools like board management software can help mitigate them.
The Current State of Cybersecurity in Kenyan Banking
Kenya’s financial industry has tackled fraudulent activities for decades. But the stakes have never been this high as the new breed of criminals is consistently finding new methods for exploiting weaknesses–particularly in the digital space. The Cyber Security Report 2024 issued by the CA highlighted a staggering 42.01% increase in brute force attacks and 6.13% in malware threats from the previous quarter resulting from the rise of artificial intelligence technologies. These attacks have inflicted heavy financial damages on not just financial institutions but also government bodies and eroded public trust.
Equity Bank’s Insider Fraud Case
One of the most notable cases involved Equity Bank, Kenya’s second-largest bank. In 2024, a massive insider fraud hit the bank, losing a whopping KES 1.5 billion ($10 million). The money was transferred to multiple accounts through forty-seven separate transactions, with no matching entries on the bank’s ledger. Although immediately flagged, there was no way to reverse the transfers, as everything was processed and cleared online.
Investigations revealed that the transactions had been approved using a manager’s credentials, and the funds were then moved into newly opened accounts under freshly registered businesses. Thus making it even harder to track. In the end, the authorities arrested the manager and his father, who turned out to be an accomplice. This case is a stark reminder of how easy it is to take advantage of the system when you have the right access and inside connections.
I&M Bank’s Fraud Scheme Case
In another case relating to Kenyan banks’ cybersecurity state, I&M Bank suffered the same fate as an insider fraud scheme rocked the organisation. It was revealed that the former operations manager was behind the crime, allegedly embezzling KES 27.14 million. An internal audit uncovered discrepancies in the cash vaults, which showed that lower denomination notes were being disguised as KES 1,000 bills, thus misrepresenting the branch’s cash holdings and ATM balances. This is yet another incident that highlights the weaknesses in Kenyan bank procedures and underscores the importance of tighter internal controls.
Following the series of successful cyberattacks, Equity Bank and other major banks in the country have intensified their cybersecurity measures. Several Kenyan banks have implemented additional security layers, such as one-time PINs for mobile and Internet banking services, to protect customers’ funds and personal information.
Cybersecurity in Banking: Cyberthreats and How to Address Them
In addition to insider threats, Kenyan financial institutions are battling with external cybersecurity challenges, including:
Ransomware Attacks
Ransomware attacks have become an increasingly prevalent threat in Kenya and its neighbouring countries. A 2022 report highlighted that, of all the cyberattacks recorded across Kenya, South Africa, and Zambia, 90% of the successful breaches targeted large enterprises in Kenya. The report further revealed that the most commonly used methods of attack were phishing and spam campaigns, leading to compromised passwords, data breaches, and the deployment of ransomware. The same report noted that 61% of the companies surveyed attributed the attacks to their current remote or hybrid working arrangements, which have created new vulnerabilities in network security.
Cloud Security Risks
As more and more financial institutions migrate to cloud environments, the risks associated with cybersecurity double in size and gravity. Unfortunately, many of these organisations fail to assess cloud security prior to the transition. Hence, facing issues such as misconfiguration and insecure application programming interfaces (APIs) in cloud platforms. Setups like this may give attackers the opportunity and the confidence to target their cloud infrastructure, gaining unauthorised access to sensitive business data and client banking details.
Supply Chain Attacks
Banking institutions often rely on external parties for assistance in software development, data management, and payment processing. These vendors’ security risks can become gateways for cyberattacks. A World Bank report shows that the use of third-party suppliers in the financial services industry in Africa poses increasing risks for supply-chain compromises.
Insider Threats
Threats from within the organisation are a huge concern. If an employee or anyone with access to company systems or IoT devices misuses that power (like in the Equity Bank fraud incident), it can easily open doors to all kinds of vulnerabilities. Imagine a mix of weak security on IoT with the potential for insider attacks—that’s certainly a recipe for disaster.
Here’s what the Kenyan government and organisations have been doing to combat these risks and strengthen the country’s cybersecurity in banking:
- Strengthening regulatory frameworks: Aligned with the Computer Misuse and Cybercrimes Act of 2018, which remains the fundamental guide for regulating online behaviour in Kenya, the government has launched the National Cybersecurity Strategy. This new approach by the National Computer and Cybercrimes Coordination Committee (NC4) will act as the roadmap to address emerging threats in the cyber landscape. It will encompass six strategic pillars, including cybersecurity governance and capacity-building. The vision is to create a safe cyberspace for the people of Kenya.
- Promoting cybersecurity awareness and education: Kenya recognises that technology alone cannot address security challenges. To better equip Kenyans with the digital skills they need, the nation is investing in education and awareness initiatives. Smart Academy, ICT Authority’s training school, has launched numerous training programs that help Kenyans be digitally literate, intending to support Kenya Vision 2030.
- Implementing robust cloud security measures: To protect sensitive data, enterprises should look into cloud access security brokers (CASBs), secure access service edge (SASE) solutions, and other cloud-native security tools. Likewise, to lower the risks of data breaches, organisations are advised to implement a zero-trust security model, which assumes that no user or device is trusted by default.
- Obtaining cyber insurance: Similar to life or car insurance, cyber insurance is vital for safeguarding organisations against the financial repercussions of a cyberattack. Since banks are often the target of these attacks, cyber insurance has become a big part of many financial institutions to protect themselves online. It helps lower financial risks in the event that hackers get their hands on important customer information, like credit card details.
- Investing in modern tools: Good cybersecurity management and oversight matter just as much as the rules themselves, and investing in board management software is a smart move to boost the security and decision-making of Kenyan banks. This software can significantly contribute by offering a centralised platform for monitoring incidents and compliance efforts, thereby improving communication and collaboration among top-level management.
How Board Software Can Help Mitigate Cyber Threats in Kenyan Banking
As Kenya sets its sights on becoming a tech-driven economy by 2030, financial institutions are under increasing pressure to adapt and ensure their protective measures keep up with the digital transformation. One area often overlooked in the rush to go digital is governance, especially when managing board meetings, documents, and decisions.
Like any other business, Kenyan banks need an efficient and secure way to manage their governance processes. This is where board management software steps in. By prioritising better board technology, organisations can look forward to:
Secure and Efficient Document Management
Board portals, like Convene, offer a secure, all-in-one platform with robust access controls and a protected document repository. This centralises communication and document storage, reducing reliance on email and ensuring authorised access to sensitive information. With a dedicated digital workspace, it enables secure document collaboration through features like online and offline annotations and review rooms, streamlining feedback and decision-making. Boards can securely share, store, and access critical documents, minimising the risk of data breaches or lost information while maintaining confidentiality.
Compliance and Risk Management
This software also supports compliance with regulatory requirements by facilitating secure storage and retrieval of meeting minutes, policies, and financial reports. This organised documentation simplifies audits and demonstrates adherence to cybersecurity standards like the Financial Sector Regulation Act (FSRA)–whose primary objective is to promote the soundness of financial institutions–lowering the chance of fines, harm to name, or legal trouble that can come from non-compliance.
Multi-Level Security Features
As an added layer of security, board software uses top-tier encryption methods to protect documents and sensitive information both during storage and while it’s being transmitted, ensuring confidential data remains private and shielded from cyber threats. This avoids hacking incidents or data falling into the wrong hands. But the security doesn’t stop there. Many platforms go even further by offering customisable security options, allowing boards to fine-tune access controls, authentication methods, and permissions according to specific needs and roles.
To boost data protection even further, board portals also offer flexible hosting options to guarantee that client data is protected on all levels. Convene, for example, teamed up with Amazon Web Services (AWS) to tap into their top-notch security infrastructure. This means Convene’s cloud platform is hosted in ISO-certified (ISO 9001, 27001, 27017, and 27018) and AICPA (SOC 1/2/3) compliant facilities across the globe, all undergoing regular audits under the SSAE-18 standards.
Traceability and Accountability
Accountability and transparency are key when it comes to effective board governance. Board portals ensure that every action and decision is traceable, maintaining a complete record of all activities, from past meetings to materials and actions taken–and by who. This audit trail helps keep the board accountable and transparent.
Another feature that enhances accountability is the ability to integrate digital signatures. With this functionality, board members can sign documents securely and electronically, sans geographical barriers. Not only does this streamline the approval process, but it also ensures that every signature is legally compliant, making the whole process more efficient and secure.
Fortify Cybersecurity Defenses in Kenyan Banks with Convene
Kenyan boards do more than keep the organisation running and ensure cybersecurity is intact. With the amount of work they need to put in to manage meetings, approve documents, and oversee operations, worrying about whether they have a safe space to communicate and collaborate may seem like an added burden. It doesn’t have to be.
Convene, one of the leading board management software, is designed to boost board operations. From facilitating board meetings to simplifying decision-making, Convene helps banks and other financial institutions improve governance while ensuring safe and seamless collaboration. A representative from WAICA Reinsurance Zimbabwe, one of Convene’s long-time clients in the finance industry, shared, “Convene makes it easy to conduct our meeting. It arranges the papers well so that meetings go smoothly.”
Discover other helpful features of Convene. Contact us today to schedule a one-on-one walkthrough with one of our product experts.
Jess is a Content Marketing Writer at Convene who commits herself to creating relevant, easy-to-digest, and SEO-friendly content. Before writing articles on governance and board management, she worked as a creative copywriter for a paint company, where she developed a keen eye for detail and a passion for making complex information accessible and enjoyable for readers. In her free time, she’s absorbed in the most random things. Her recent obsession is watching gardening videos for hours and dreaming of someday having her own kitchen garden.
- Connect:
-
