Kenya’s financial sector is facing a new kind of heist—one that doesn’t involve masks, getaway cars, or armed robbers. Instead, it’s silent, fast, and devastating: cybercrime. In 2024 alone, hackers siphoned off KES 1.59 billion from bank customers. By 2025, the scale of attacks had become staggering. According to the Communications Authority of Kenya, 2.54 billion cyber threats were detected in just the first quarter of the year, rising to a record 4.6 billion in the last quarter.
Against this backdrop, the Central Bank of Kenya (CBK) has moved to plug the widening security gap with the launch of the Banking Sector Cybersecurity Operations Centre, a new hub designed to fight back against increasingly sophisticated attackers.
Why CBK had to act now
The numbers speak for themselves. The billions of cyber threat attempts detected in 2025 reflect not only the volume but also the sophistication of attacks. In many cases, criminals exploit gaps in outdated banking systems, weak authentication processes, or unsuspecting customers.
For ordinary Kenyans, the stakes couldn’t be higher. A hacked mobile wallet or compromised online account doesn’t just mean inconvenience—it can mean school fees lost, business capital wiped out, or retirement savings gone in seconds.
What the Cybersecurity Operations Center brings to the table
Housed within CBK’s Cyber Fusion Unit, the new center is more than just a monitoring station. It will provide:
- Cyber threat intelligence – to predict and identify new attack patterns.
- Incident response – to contain breaches in real-time.
- Digital forensics – to trace the origins of attacks.
- Cyber investigations – to build stronger cases against criminals.
The initiative aligns with the Computer Misuse and Cybercrime Regulations, 2024, and fits into CBK’s Strategic Plan (2024–2027). Together, these frameworks set out a tougher, more coordinated approach to defending Kenya’s financial sector.
The compliance shift
Alongside the center, CBK is harmonizing its earlier regulations: the 2017 Commercial Banks Cybersecurity Guidelines and the 2019 Payment Service Providers Guidelines. For now, however, banks, payment providers, and fintechs must comply with both the old and new rules—while also reporting any cybersecurity incidents to the center within strict timelines.
This dual compliance may feel like a burden, especially for smaller players, but CBK argues it’s necessary to close loopholes while the new system is phased in. The ultimate goal is a single, streamlined regulatory framework that keeps pace with cyber threats.
The Road Ahead
The launch of the Cybersecurity Operations Center a big step forward, but it is not a silver bullet. Cybercriminals evolve quickly, often faster than regulators and institutions can respond. The success of the center will depend on collaboration, rapid incident reporting, and ongoing investment in cybersecurity infrastructure and skills.
For everyday Kenyans, this is an assurance that the fight against digital theft is being taken seriously at the highest level. If CBK and the industry can keep pace with attackers, the Cybersecurity Operations Center could mark a turning point in making digital banking safer and more trustworthy.
Discover more from Techish Kenya
Subscribe to get the latest posts sent to your email.
