Skip to content
Business

Safaricom’s Advanced Security Slashes Business Attacks by 90% as National Threats Hit 4.6B

At its 2025 Cybersecurity Summit, the telco argued that a “zero trust” and “secure by design” philosophy is the only way to survive, as government data reveals a tidal wave of attacks.

Safaricom hosted its 2025 Cybersecurity Summit in Nairobi today, setting a stark scene for Kenya’s digital landscape: according to the Communications Authority (CA), the country faced a staggering 4.6 billion cyber threats in the second quarter of 2025 alone.

Against this backdrop, the company made a bold claim: its own advanced security measures have reduced cybersecurity incidents for its business customers by nearly 90%.

β€’ 𝐭𝐞𝐜𝐑-π‘–π‘ β„Ž@TechishKenya
We are attending the @SafaricomPLC Cybersecurity summit 2025.

Theme: Powering Progress. Securing Growth.

Follow the conversation using tag: #SafaricomCyberSecuritySummit2025
9:21 AM Β· Nov 13, 2025

Safaricom attributed this success to its Managed Security Operations Centre (MSOC), a 24/7 command center that provides real-time threat detection and response for its enterprise clients.

But the central message from the company’s leadership wasn’t a product pitch; it was a forceful call for a fundamental change in philosophy.

“The old reactive models are failing,” said Nicholas Mulila, Safaricom’s Chief Corporate Security Officer. “We have moved past simple prevention. Today, cyber-resilience is greater than prevention, and a zero-trust architecture is the new baseline.”

Amid 4.6B national threats, Safaricom claims its "Zero Trust" strategy cut business cyber-attacks by 90%.

Mulila argued that organisations must move from a “prevention-only” mindset to three core principles:

  1. Secure by Design: This means embedding security into a product’s DNA from the initial concept stage, not trying to bolt it on after it’s built.
  2. Zero Trust: The new baseline posture is, “Don’t trust anyone.” Mulila urged for stricter identity controls and “least-privilege access,” meaning systems and people should only have access to the absolute minimum they need to function.
  3. Resilience Over Prevention: Mulila framed success not as stopping every attackβ€”which he suggests is impossibleβ€”but as reducing the impact and dramatically accelerating the recovery time after an incident occurs.

The brutal irony, Mulila pointed out, is that despite the growing sophistication of attacks like ransomware, many of the most damaging breaches still stem from basic, avoidable vulnerabilities: weak passwords, unpatched software, and poor collaboration within organisations.

Safaricom’s push for a new security model received a strong endorsement from the government.

Eng. John Tanui, Principal Secretary for the State Department for ICT and the Digital Economy, stated that the national strategy has evolved to mirror this approach. “Our national cybersecurity strategy has evolved from being reactive… to a proactive β€˜security by design’ approach,” Tanui said, adding that “it is critical to apply AI and Machine Learning to detect and tackle cyber threats.”

β€’ 𝐭𝐞𝐜𝐑-π‘–π‘ β„Ž@TechishKenya
@Fortinet @NETSCOUT @Huawei @KnowBe4 β€œKenya’s digital progress is fundamentally dependent on our digital trust… our strategy must shift from damage control to a more productive security by design approach.”

– Eng. John Tanui CBS, PS State Department for ICT & Digital Economy

#SafaricomCyberSecuritySummit2025
9:55 AM Β· Nov 13, 2025

This “shared responsibility” model, a theme echoed by Safaricom CEO Peter Ndegwa, was presented as a proven concept. Mulila cited Safaricom’s multi-year collaboration with Kenyan financial institutions, which combined coordinated controls with joint public awareness campaigns. The result, he claimed, was a reduction in certain types of fraud by as much as 90% over four years.

The summit, which coincides with Safaricom’s 25th anniversary, ultimately argued that cybersecurity can no longer be siloed as an “IT department issue.” Safaricom’s leadership, along with its government partners, framed it as a core boardroom responsibility and a pillar of national development, essential for preserving trust as more of the country’s economy moves online.

The Analyst

The Analyst delivers in-depth, data-driven insights on technology, industry trends, and digital innovation, breaking down complex topics for a clearer understanding. Reach out: Mail@Tech-ish.com

Join the discussion

0 comments
posting as Kiboko Mtulivu

Anonymous by default β€” no sign-up or email needed. Prefer to be recognised? Add a name or email above, your call. We don't email you about replies, so do check back.

protected, no CAPTCHAs
Back to top button