Kenyans lost an estimated Sh29.9 billion to cybercrime between July and September 2025 alone, exposing the scale of a threat that is increasingly hitting citizens through everyday financial transactions.

New findings from a GeoPoll report, 'Connected & Concerned: Cybersecurity and Data Protection in Kenya', show cybercrime is no longer a distant or technical concern, but a widespread and personal risk driven largely by the country’s heavy reliance on mobile money.

With more than 30 million users and more than $50 billion in annual transactions, M-Pesa has become central to Kenya’s economy.

Read Also
Red hot Omanyala to orchestrate Kenya's 4x100m charge at World Relays today Athletics
Cup pressure peaks as Shabana host Kenya Police in blockbuster quarter-final Football
Upper Hill coach Walgwe unperturbed despite drawing giants in Prescott Cup group phase Rugby

It has, however, also become a prime target for fraudsters exploiting SIM-swap schemes, stolen credentials and social engineering tactics.

More than half of respondents (54 per cent) said they have experienced mobile money fraud, while 61 per cent reported phishing attacks and 31 per cent account hacking.

Enjoying this article? Subscribe for unlimited access to premium sports coverage.
View Plans

Three in four said they personally know someone who has been a victim.

The report says this places cybercrime firmly in the category of a mainstream risk.

“This is not a marginal issue — it is embedded in everyday financial life,” the report notes.

The financial impact at the household level is widespread, even if often understated. About 37 per cent of respondents said they had lost money to a cyber incident in the past year.

While most losses (74 per cent) were below Sh5,000, the report warns the frequency of such incidents compounds their economic toll.

Six per cent of victims reported losing more than Sh50,000, pointing to the growing severity of some attacks.

Victims typically lose money through online scams, cryptocurrency scams, pension fund schemes, supposed retail deals, employment email scams, AI investment and trading bots, subscriptions and celebrity endorsements.

The report also highlights gender differences, with 40 per cent of men reporting financial loss compared to 34 per cent of women.

The threats Kenyans face online, beyond mobile money fraud, include phishing, account hacking, stalking and harassment, identity theft and bank fraud.

The findings reinforce earlier data showing a sharp rise in mobile money-related losses. A 2021 FinAccess survey found the proportion of users reporting losses, including mistaken transfers, had jumped from 8.4 per cent in 2019 to 47.4 per cent in 2021.

Despite the scale of the threat, Kenya stands out for relatively strong user awareness of basic cybersecurity practices. The report found that 78 per cent of respondents use strong passwords, while 52 per cent have adopted two-factor authentication, a figure significantly above global averages.

This is attributed to widespread exposure to security features across mobile money and banking platforms, suggesting that Kenya’s digital finance ecosystem has helped shape more security-conscious behaviour.

However, this awareness has not fully translated into safer practices. The report identifies a persistent gap between knowledge and behaviour, with many users still reusing passwords or sharing personal contact information — vulnerabilities that fraudsters continue to exploit.

“The awareness–behaviour gap remains a critical weakness,” the report states, calling for more practical, action-oriented public education.

The report argues that Kenya’s cyber threat landscape is unique and cannot be addressed through generic global frameworks. The dominance of mobile money has created a distinct risk environment, particularly around SIM-swap fraud and social engineering.

It calls for coordinated action from regulators and industry players, including the Central Bank of Kenya, Safaricom and telecommunications operators. Recommended measures include stricter Sim registration processes, improved fraud detection systems and faster response mechanisms for victims.

Public appetite for solutions appears strong. Nine in 10 respondents said they want to learn more about protecting themselves online, signalling an opportunity for targeted cybersecurity education, especially content tailored to local contexts and languages.

At the same time, trust in institutions remains fragile. Only 47 per cent of respondents said they trust companies to handle their personal data responsibly.

The report points to enforcement of the Data Protection Act and oversight by the Office of the Data Protection Commissioner as key to rebuilding confidence.

Without stronger safeguards, the research warns, cybercrime risks eroding the gains Kenya has made in financial inclusion.

INSTANT ANALYSIS

Kenya lost an estimated Sh29.9 billion to cybercrime between July and September 2025, highlighting the growing scale of digital fraud. A GeoPoll report shows cybercrime is now widespread, with 54 per cent of respondents experiencing mobile money fraud and 37 per cent losing money in the past year. The country’s heavy reliance on M-Pesa has created new vulnerabilities, particularly through SIM-swap scams and social engineering.