Kenya Cyber Security Report 2015
“Improve our understanding of society and our cyber
that the main consequence of the cybercrime action was
community” scored the next highest in the very important
inconvenience (50% of respondents).
category (22% viewed this as very important), while
“better laws and regulations” were viewed as very
Another very visible problem is the relatively low reporting
important by only 6%. Most respondents, however, rated
rate of cybercrime to the Police (73% of cybercrime cases
“Better metrics and statistics on cybercrime” as their 3rd
not reported) and/or national CERTs (74% of cybercrime
choice after selecting their top choice of topic for more
cases not reported). This is followed up by a low successful
research.
prosecution rate: only about 10% of the cases were
successfully prosecuted.
Indeed, the above responses seem to correlate with
the response to another question, concerning training
Information sharing in general was found to be a problem
within their organisation: 64% of respondents were not
(only 27% respondents said they or their organisation
trained in cybersecurity issues at all or only if there was
shared information on cyber-attacks) - an issue that also
a problem (note: we included “don’t know” responses
hinders effective measurement of cybercrime.
in this category as well). Even though many respondents
considered cybercrime to be a concern and many
Overall, however, the initial findings appear to confirm
had been victims either personally or as part of their
that there is a tangible need for better definitions, metrics
organisation (as many as 78%) most respondents declared
and statistics for cybercrime together with more training.
Survey Findings and Risk Groupings
1
20%
while
LACK
cyber security budgets
2
3
20% respondents LACK sufficient cyber
security budgets.
28%
61%
Allow BYOD
79%
Allocate
LESS than Kshs.100,000
Although 61% allow BYOD an alarming 59% LACK
policies and procedures to manage them.
59%
21% of the organisations are NOT concerned
about cyber crime.
While
Concerned about cybercrime
in their organisations
4
21%
NOT at all concerned
87% agree cybercrime is a real issue in the
organisation
87%
Agree cybercrime
13%
Not an issue
is a real issue
Lack policies or
procedures
23