The 2026 AI & Cyber Frontier Report by digital trust and cybersecurity firm Smartcomply warns of a widening “execution gap” across the region. Awareness of cyber risk has not yet translated into operational resilience.
Kenya accounts for 68% of East Africa’s total digital attack surface. The good news is successful breaches remain relatively low at 0.3%. This shows the country has implemented stronger defensive controls. Between April and June 2025 alone, more than 4.5 billion cyber threat events were recorded in Kenya.
The report estimates Kenya lost approximately KES 29.9 billion (about $230 million) to cybercrime in 2025.
Effects of AI
The report has also revealed that artificial intelligence is a major accelerant of cyber risk. It notes that 60% of organisations globally believe they have already been targeted by AI-enabled attacks. Even with that, only 7% have successfully deployed AI-driven defensive systems.
In East Africa, identity-based attacks such as phishing, credential theft, and business email compromise now account for nearly half of observed incidents. Mobile banking fraud in Kenya surged by 87% in the latest reporting period. Tanzania, on the other hand, recorded a 317% increase in deepfake-related fraud attempts.
“Artificial intelligence has fundamentally changed both the velocity and the veracity of threats,” said Tim Theuri, CISO at M-PESA, as cited in the report. “It has lowered the threshold for executing a cyber attack.”
According to the findings, 74% of organisations in East Africa rank cyber risk as a top strategic priority, significantly higher than the global average of 57%. However, only 29% conduct regular tabletop exercises to simulate cyber incidents.
“Most organisations know cyber risk is a top threat, but very few have rehearsed what failure actually looks like,” the report notes.
The report argues that cyber risk in East Africa has evolved beyond technical disruption into economic infrastructure risk.
Mobile money transactions in Kenya account for over 53% of GDP. East Africa hosts approximately 459 million mobile money accounts. A cyber incident can disrupt livelihoods at scale as governments digitise identity systems, tax platforms and public services.
The report also highlights structural blind spots within the region’s API-driven fintech ecosystem. In Uganda, attackers exploited an unregulated middleware aggregator in the Pegasus Technologies breach. They were able to siphon $3 million across banks and telecom operators.
Smartcomply argues that the next phase of cyber maturity in East Africa will depend less on new regulations and more on execution. This might include realistic simulations, system-level coordination and embedding security by design.
“Resilience improves when organisations plan for failure instead of assuming stability,” said Gbemisola Osunrinde, CEO of Smartcomply.
The report concludes that in East Africa’s fast-scaling digital economy, trust will ultimately determine long-term growth.
For these and more stories, follow us on X (Formerly Twitter), Facebook, LinkedIn and Telegram. You can also send us tips or just reach out on info@techarena.co.ke.
Also Read: Smartcomply Enters East Africa with High-Level AI and Cybersecurity Summit in Nairobi