By Allan Juma, Lead Cyber Security Engineer at ESET
Editor’s Note: This article is part of TechArena Executive Insights, a curated series featuring perspectives from industry leaders across Africa’s digital economy. The views expressed are those of the author.
Kenya’s financial sector operates in one of the most dynamic digital economies in Africa. This economy, according to GSMA, will contribute KSh 662 billion to the gross domestic product by 2028, with growth driven by digitalisation in agriculture, manufacturing, transport and trade. Mobile money platforms, digital lending, online banking and real-time payments have transformed access to financial services.
Kenya’s Communications Authority (CA) reports that by the end of June 2025, there were 47.7 million active mobile-money subscriptions, corresponding to a mobile-money penetration rate of 91.0% of the population. Banks have responded with mobile and online banking platforms that sit on top of card, account and mobile-money rails, allowing customers to pay bills, move funds between bank and wallet, and initiate transfers from smartphones rather than branches. This has reduced reliance on physical infrastructure and extended formal banking services into segments that primarily interact via agents and phones, effectively overlaying financial products on the mobile-money ecosystem.
This advancement has transformed access to banking services and maintains Kenya’s leadership role in mobile banking and innovative digital services. It has also expanded the attack surface, putting the sector and its compliance posture at risk.
This compliance is defined by a framework of regulatory expectations, reporting obligations and mandated controls. Boards are required to demonstrate oversight, risk committees need to prove monitoring is actively taking place, and security teams have to implement safeguards and document processes. The Data Protection Act and its regulations, together with Office of the Data Protection Commissioner guidance, require companies to notify of a personal breach within 48 hours of becoming aware of it, and of a notifiable breach within 72 hours.
These strict regulatory windows and requirements create a sense of assurance. Controls are documented, policies are updated and audits are passed, but they don’t quite answer one of the most important questions facing financial institutions when it comes to the threat landscape today. Are these controls aligned to the threats active today?
Compliance frameworks outline what the company has to protect and the specific controls it must operate: access management, encryption, segregation of duties and incident response. They rarely describe what threats are targeting institutions, what fraud techniques are evolving within the mobile money ecosystem, or how ransomware groups are adapting their tactics to overcome these compliance frameworks. Fraud, ransomware and data breaches now directly impact liquidity, customer trust and regulatory confidence; these risks make threat intelligence absolutely essential.
Threat intelligence is the structured collection and analysis of information about adversaries, their capabilities, their motivations and their methods. It connects external context to internal risk by answering practical questions like: What fraud campaigns are circulating in the region? Are local customers being targeted with impersonation scams? Have similar institutions experienced credential harvesting attempts or ransomware intrusions?
In Kenya’s mobile-first environment, the answers provide context. SIM-swap fraud and mobile money abuse illustrate how attackers exploit identity verification processes and customer behaviour patterns. Deepfake-enabled investment scams show how quickly misinformation can influence customer trust and trigger financial losses. Recent threat-intel data from ESET reports that the Nomani investment scam grew by about 62% in 2025, with more than 64,000 unique malicious URLs blocked over the year, while ransomware groups continue to evolve their tools and tactics.
What threat intelligence brings to the business is a deeper level of control. It helps to define what the organisation needs to protect, and which business processes are the most exposed. It also combines multiple sources, including global research, regional analyses of fraud patterns, monitoring underground forums where stolen data is traded, and collaboration with industry peers and law enforcement.
Threat intelligence is the missing link between regulation and resilience. It connects the intelligence with action, informing risk assessments, security investment decisions, and testing. It also allows financial institutions to pivot and adapt to the crime – if ransomware actors are exploiting specific remote access vulnerabilities, patching and monitoring can be prioritised; if there’s an increase in SIM-swap events, banks can strengthen identity verification processes and customer awareness campaigns.
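The two pivots described above (prioritising patching when intel says a remote-access flaw is being exploited, and tightening identity verification when SIM-swap events rise) can be expressed as a small decision routine. The following is an added illustration, not code from the article or from ESET; the advisory ids, product names, asset names and weekly counts are constructed sample data, and the scoring weights and the 1.5x trend threshold are assumptions chosen for the example.

```python
"""Turn threat-intelligence items into a prioritised action list.

Added example. All advisory ids, products, assets and counts are
constructed sample data, not real identifiers or real telemetry.
"""
from dataclasses import dataclass, field


@dataclass
class VulnIntel:
    ref: str                 # placeholder advisory id (constructed, not a real CVE)
    product: str             # affected product name (constructed)
    exploited_in_wild: bool  # intel reports active exploitation by ransomware actors
    remote_access: bool      # flaw sits in a remote-access component (VPN, gateway, ...)


@dataclass
class Asset:
    name: str
    product: str
    internet_facing: bool
    applied_refs: set = field(default_factory=set)  # advisories already patched here


def patch_priority(intel: VulnIntel, asset: Asset) -> int:
    """Score one (advisory, asset) pair; 0 means no action, higher means patch sooner.
    Weights are assumptions for illustration."""
    if intel.product != asset.product or intel.ref in asset.applied_refs:
        return 0
    score = 1                                  # applicable and unpatched
    score += 3 if intel.exploited_in_wild else 0
    score += 2 if intel.remote_access else 0
    score += 2 if asset.internet_facing else 0
    return score


def prioritise_patching(intel_items, assets):
    """Return (asset, advisory, score) triples, highest priority first."""
    work = []
    for item in intel_items:
        for asset in assets:
            score = patch_priority(item, asset)
            if score:
                work.append((asset.name, item.ref, score))
    return sorted(work, key=lambda w: (-w[2], w[0], w[1]))


def sim_swap_signal(weekly_counts, window=4, ratio=1.5):
    """Flag a rise in SIM-swap events: latest week versus the trailing average.
    Returns (flagged, current, baseline)."""
    if len(weekly_counts) < window + 1:
        raise ValueError("need at least window+1 weeks of counts")
    current = weekly_counts[-1]
    baseline = sum(weekly_counts[-window - 1:-1]) / window
    return current > baseline * ratio, current, baseline


def recommend_actions(intel_items, assets, weekly_sim_swaps):
    """Combine both signals into a plain list of actions for the risk committee."""
    actions = []
    for asset_name, ref, score in prioritise_patching(intel_items, assets):
        actions.append(f"patch {ref} on {asset_name} (priority {score})")
    flagged, current, baseline = sim_swap_signal(weekly_sim_swaps)
    if flagged:
        actions.append(
            f"SIM-swap events {current}/week vs baseline {baseline:.1f}: "
            "strengthen identity verification and run customer awareness"
        )
    return actions


# Constructed sample input (not real data)
SAMPLE_INTEL = [
    VulnIntel("ADV-0001", "vpn-gateway", exploited_in_wild=True, remote_access=True),
    VulnIntel("ADV-0002", "core-banking-db", exploited_in_wild=False, remote_access=False),
]
SAMPLE_ASSETS = [
    Asset("vpn-edge-1", "vpn-gateway", internet_facing=True),
    Asset("vpn-lab", "vpn-gateway", internet_facing=False, applied_refs={"ADV-0001"}),
    Asset("db-prod", "core-banking-db", internet_facing=False),
]
SAMPLE_SIM_SWAPS = [40, 38, 45, 41, 90]  # weekly counts, oldest first

if __name__ == "__main__":
    for action in recommend_actions(SAMPLE_INTEL, SAMPLE_ASSETS, SAMPLE_SIM_SWAPS):
        print(action)
```

The point of the routine is the join: an advisory only becomes work when it matches an unpatched asset, and it rises to the top only when external intel (active exploitation, remote-access component) meets internal exposure (internet-facing). The SIM-swap check does the same with fraud telemetry, comparing this week against a trailing baseline rather than a fixed number, so the threshold adapts as normal volumes drift.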
In the high-risk compliance environment of financial services, threat intelligence takes regulation and governance processes to a point of responsiveness, moving the institution from static compliance to adaptive resilience and giving it an accurate understanding of the threats it faces. Without this lens, companies are driving blind in a digital world that’s trying everything it can to get inside.