Time flies with great content! Renew in to keep enjoying all our premium content.
Automation, AI as future of cybersecurity
A cybersecurity ecosystem is a harmonious interplay of policy, people, platforms, and partnerships. And this is where the Kenyan and African context must lead the conversation.
We are living in a time when the rapid pace of digital transformation, while unlocking immense opportunity, is also dramatically expanding the cyber threat surface. The digital age has become both a blessing and a battleground.
And as Kenya races towards a digital-first economy, it's clear that cybersecurity is no longer a peripheral issue—it is a core strategic imperative.
In second quarter of 2025 alone, Kenya experienced a staggering 840.9 million cyber threats, a 27.2 percent increase from the previous quarter, according to the Communications Authority of Kenya (CA) and corroborated by SOC Radar’s Kenya Threat Landscape Report 2025. The top attack vectors?
AI-powered phishing campaigns, ransomware-as-a-service, and highly targeted social engineering attacks. The targets? Government systems, financial institutions, healthcare providers, and worryingly, universities, with outdated infrastructure and under-trained personnel.
This is no longer just about viruses or malicious spam. Cybercriminals are now leveraging generative AI to deceive, infiltrate and automate at scale.
Firewalls and passwords alone are insufficient in this era. We are entering a new paradigm—where AI and automation are not optional enhancements but foundational to our digital defence. But here’s the deeper question: Who controls these technologies, and are they fit for our local realities?
Let’s take Microsoft as a practical case study in what AI-enabled cybersecurity might look like when done at scale. Today, Microsoft processes over 78 trillion cybersecurity signals daily. That level of signal processing is beyond the capacity of any human team.
Through machine learning and automated threat analysis, anomalies can be flagged and threats contained in milliseconds.
Their generative AI solution—Copilot for Security—offers security teams real-time suggestions, automated threat summaries, and incident response capabilities. Early metrics show marked improvements in speed and accuracy for both novice and seasoned professionals.
In regions like Kenya, where the cybersecurity talent shortage is acute, such tools could be transformative. Tools like Copilot are not just useful—they could be game-changers. But they are not enough.
Africa—and Kenya in particular—needs cybersecurity ecosystems, not just cybersecurity vendors.
This means building more than just a toolkit of software and services; it requires a holistic foundation that brings together skilled human capital (arguably our greatest asset), resilient infrastructure and regulatory frameworks shaped by and for our unique context.
It also calls for deeper collaboration on threat intelligence across industries and sectors, as well as a commitment to digital sovereignty and ethical governance of AI. Only then can we create a cybersecurity environment that’s not just reactive, but resilient, inclusive and future-ready.
A cybersecurity ecosystem is a harmonious interplay of policy, people, platforms, and partnerships. And this is where the Kenyan and African context must lead the conversation.
The growing deployment of AI in cybersecurity must not mask our underlying weaknesses. These include outdated IT infrastructure in critical institutions, low public awareness, fragmented policies and weak enforcement and over-reliance on imported solutions with little local customisation.
There’s also an uncomfortable truth we need to talk about: AI-powered cybersecurity is never entirely neutral. The tools and systems we increasingly rely on are built elsewhere, shaped by priorities, perspectives, and even political undercurrents that may not fully align with our own.
In Kenya, as we adopt these systems at scale, we must ask hard questions: Do they reflect our national values? Do they uphold our legal standards? Do they protect our data sovereignty, or merely accommodate it?
Our Data Protection Act (2019) was a good start, but implementation has been inconsistent. What we need are enforceable standards, meaningful user consent, and local oversight that keeps pace with the tech.
The encouraging part is that we’re beginning to see shifts in that direction.
Kenya’s Cybersecurity Strategy 2025–2029 outlines plans for a National Cybersecurity Operations Centre, improved threat intelligence sharing, and deeper regional collaboration. These are meaningful signals.
But to build long-term resilience, we have to go further—by nurturing local cybersecurity startups, embedding cybersecurity into our education system, and pushing for continental regulatory alignment through mechanisms like the AU’s Malabo Convention.
One initiative that stands out here—both in ambition and relevance—is a new regional cybersecurity collaboration launched at the Global Conference on Cyber Capacity Building in Geneva. It includes Kenya’s own NC4 (National Computer and Cybercrime Coordination Committee) and is focused on something refreshingly practical.
There is no question that AI and automation are shaping the future of cybersecurity. But we must ask ourselves—whose vision of the future are we securing? We must act now—with urgency, integrity, and ambition—to ensure that as Kenya and the rest of Africa rises digitally, it does so securely.
