82% of African organisations report difficulty recruiting skilled cybersecurity professionals, the highest rate in the world, as East Africa recorded more than 842 million cyber threat events between July and September 2025 alone. With mobile money transactions accounting for 53% of Kenya’s GDP, the talent gap has crossed from an IT problem into a macroeconomic risk.
- Kenya lost $83 million to cybercrime in 2023. Central Bank of Kenya data show mobile banking fraud cases jumped 87% in the most recent reporting period, driven by social engineering, credential theft, and SIM-swap schemes. Healthcare ransomware incidents surged 95%.
- 60% of East African organisations report facing AI-enabled attacks, yet only 7% have deployed AI-driven defences and just 6% have enterprise-wide data controls strong enough for safe AI usage.
- Only 29% of East African firms conduct regular tabletop exercises, meaning most leadership teams have never simulated a real incident despite ranking cyber risk as a top strategic priority.
- In Uganda, attackers used 2,000 SIM cards to drain UGX 11 billion ($3 million) across MTN, Airtel, and Stanbic Bank simultaneously, exposing a critical gap: the middleware connecting banks to mobile wallets is largely unregulated, meaning a single API vulnerability can cascade into a system-wide crisis.
- 74% of regional businesses rank cyber risk as a top strategic priority, yet the gap between stated concern and operational readiness remains wide, a pattern the SmartComply report describes as performative compliance.
The talent shortage sits inside a broader structural problem. As Kenya’s CyberGame 2026 launch highlighted, the country lost KES 29.9 billion to cybercrime in a single quarter of 2025, a figure that underscores how fast the threat is outpacing domestic capacity to respond. The SmartComply analysis reframes the goal from zero breaches to system-level resilience, arguing that East African economies need to build domestic talent pipelines, enforce API governance across the mobile money stack, and treat identity verification as critical national infrastructure. M-PESA CISO Tim Theuri put it plainly: most organisations have not yet rehearsed what failure actually looks like, which means their preparedness is theoretical.
The Bigger Picture: East Africa’s digital economy is growing faster than its defences. Mobile money now moves more than half of Kenya’s GDP through systems protected by teams that are chronically understaffed and under-equipped for autonomous AI-driven attacks. The 842 million threat events recorded in a single quarter is not a warning sign, it is a current reality. The region’s CEOs who treat cybersecurity as an IT line item rather than a board-level strategic risk are making the same mistake Kenya’s banks made before the SIM-swap losses started compounding. Countries that close the talent gap, regulate the middleware layer, and drill their response teams will be the ones that retain investor confidence when the next major breach hits.
Source: Kenyan Wall Street
