Financial Crime World

Kenya’s Cybersecurity Framework: A Comprehensive Approach to Securing Digital Economy

In recent years, Kenya has taken significant strides towards driving digital transformation by introducing a comprehensive cybersecurity framework. The National Cybersecurity Strategy (2022-2027) outlines a viable framework for bolstering a secure and resilient cyberspace, ensuring maximum benefits from the digital economy.

A Comprehensive Framework

The strategy emphasizes the government’s commitment to working with stakeholders at national and international levels, recognizing the cross-cutting nature of cyber threats. Kenya has already made significant progress in this regard, with the Computer Misuse and Cybercrime Act (2018) providing a comprehensive framework for combating cybercrime.

Strengthening Governance

To further strengthen cybersecurity governance, policies, laws, regulations, and standards, the government is working on formulating draft regulations to operationalize the CMCA. This presents an opportunity for multistakeholder engagement, ensuring that the country’s cybersecurity policies and frameworks are effective and responsive to emerging threats.

Capacity Building and Cybersecurity Skills

Cybersecurity capacity building has become a growing priority, with the need for clarification on what it means in practice. Kenya is taking steps to address this gap by providing training and expertise to government agencies, as well as promoting in-country cybersecurity research and development.

  • The government’s commitment to establishing a cybersecurity “Centre of Excellence” and developing more local cybersecurity specialized experts is laudable.
  • However, an audit of cybersecurity skills within government agencies, particularly those responsible for public-facing digital services, is essential.

Private Sector Assistance

The private sector can play a crucial role in addressing Kenya’s cybersecurity capacity gap by providing training and expertise to government agencies. However, the government should establish mechanisms for resourcing its cybersecurity skills needs, rather than relying solely on private sector support.

Conclusion

Kenya’s digital superhighway plans are ambitious, but they come with challenges and near-term risks. Cybersecurity and resilience must be prioritized to ensure trust in and reliability of the country’s digital financial infrastructure.

  • The government should leverage multistakeholder avenues to take stock of cybersecurity measures in place for its own systems, as well as those affecting critical sectors like finance, energy, and transportation.
  • By doing so, Kenya can effectively identify insights on improvements and iterations to be made in its cybersecurity framework.