Even as Kenya’s telecoms industry recorded 4.07 million new smartphone subscribers, cyber threats continue to rise, with vulnerabilities across systems accounting for 96% of all incidences, putting at risk the country’s cash lite economy.
Telecoms industry watchdog says 5G users consumed 46.4GB per user, which is three times more that of 4G, users even though coverage remains limited, giving telecoms an opportunity to cash in.
The latest Oct-Dec report shows that smartphones outnumber feature phone users by 19 million units, pushing Kenya’s telecom providers closer to high-margin data and mobile service revenue streams.

Cyber threats continued to put Kenya’s increasingly cash lite economy to the test in the three months to December 2025, with industry data showing vulnerability incidences surged by over 440 percent.

According to the Communications Authority of Kenya Second Quarter (FY2025/26) Sector Statistics report, the Kenya Computer Incident Response Team recorded 4.56 billion cyber threats in the three months to December 2025.

This was a 441.3 per cent rise from the 842 million cyber events captured between July 1 and September 30, 2025. The sharp rise in cyber threats sends a loud cautionary message in a country that experienced 12 percent increase in usage of broadband services and 9.1 per cent jump in use of smartphone devices during the quarter.

East Africa’s largest economy has been pushing hard on digital transformation marked by push for a national identity card programmes, and growth of mobile money services. Recently, the country unveiled a $1.18 billion artificial intelligence blueprint, all avenues that look under threat from rising cases of cyber attacks.

System vulnerabilities top vector in Kenya’s cyber threat risk

The breakdown of the 4.56 billion threats reveals a clear pattern of neglect in basic cyber hygiene. CA report shows that system vulnerabilities accounted for the overwhelming majority of incidents, about 4.37 billion events, or 96 per cent of all cases that were detected. This represents a 463 per cent increase from the 776 million system vulnerabilities recorded between July and September.

In its analysis, the Authority attributed the surge to “inadequate system patching, insufficient user awareness of phishing and other social engineering threat vectors, and the increasing exploitation of AI-driven and machine learning technologies by malicious actors.”

Other attack vectors also grew at alarming rates. Brute force attacks, where hackers attempt to guess login credentials through automated trial and error, increased by 127 percent to 42.8 million incidents. At the same time, Malware detections more than doubled, climbing 124 per cent to 70.9 million.

Most strikingly, cases of Distributed Denial-of-Service (DDoS) attacks, which are normally designed to overwhelm websites and online services until they collapse, increased by 1,117 per cent to 58.3 million events across the industry. For financial services firms, e-commerce platforms, and government portals, this signals a new and aggressive threat level.

Advisories rise but so does exposure

In response to the 4.56 billion threats, KE-CIRT/CC issued 21.8 million cyber threat advisories during the quarter, up 9.3 per cent from the previous quarter’s 19.9 million. However, the sheer volume of threats relative to advisories, 4.56 billion versus 21.8 million, could implyy that the vast majority of incidents are either automated nuisance events or, more worryingly, successful breaches that go unaddressed.

The CA recommends “multi-factor authentication with comprehensive password policies, proper network firewall and antivirus software configuration, and continuous enhancement of advisories to emphasise regular system and application patching.” Yet the scale of the Q4 data suggests that compliance across Kenya’s rapidly expanding base of small businesses, public institutions, and individual users remains dangerously low.

For an economy where mobile money transactions alone exceed KES 5 trillion annually, the report raises uncomfortable questions about systemic risk. Safaricom PLC, which controls 89 per cent of the mobile money market through its M-Pesa platform, has historically invested heavily in security. But the 4.56 billion figure includes threats across all networks, fixed lines, and public internet connections—many of which lie beyond the direct control of any single operator.

Kenya’s data usage increased by 12% on smartphone adoption

Amid the cybersecurity storm, Kenya’s core telecommunications market continued its steady expansion. Total mobile broadband consumption grew by 12.0 per cent in the quarter to reach 755,095 Terabytes (TB), driven primarily by a record adoption of smartphones.

CA data shows that the country added 4,073,657 new smartphone users the three months to December, bringing the total number of active smart gadgets connected to mobile networks to 48.7 million. Over the same period, feature phone subscribers declined by 776,465 to 29.6 million.

Overall, smartphones now outnumber feature phones by nearly 19 million units amid increased push by players to attract data customers. For more than a decade, Kenyan mobile network operators (MNOs) invested in 3G, then 4G, and now 5G infrastructure, waiting for the device ecosystem to catch up.

“The 12 per cent rise in data usage is directly attributable to the 9.1 per cent growth in smartphone devices,” the CA notes. During the quarter, mobile data subscriptions overall grew 2.9 per cent to 61.9 million, of which 83.2 per cent were on mobile broadband (3G, 4G, or 5G), while legacy 2G data subscriptions continued their terminal decline.

5G users consume three times more data

Within the broadband segment, a clear stratification in Kenya’s telecom industry is emerging. The average mobile broadband user consumed 14.6 GB in the quarter, up marginally from 14.3 GB. However, 5G subscribers averaged 46.4 GB per user, reflecting over three times the 14.1 GB recorded for 4G users and dramatically higher than the 4.0 GB average for those still on 3G.

This disparity has profound implications for revenues of network operators. 5G users generate data traffic at a premium rate, yet 5G coverage remains limited to approximately 30 per cent of the population, concentrated in Nairobi, Mombasa, Kisumu, and a handful of other urban centres.

The CA report shows that 4G and 5G subscriptions continued an upward trajectory, while 2G and 3G subscriptions declined, a trend the Authority expects to accelerate as more affordable smartphones enter the market. Chinese handset makers including Transsion (Tecno, Itel, Infinix) and Xiaomi have aggressively targeted the sub-KES 10,000 ($77) price point, directly enabling the hardware transition.

Voice and SMS lose ground

Not every metric pointed upwards. Total domestic mobile voice minutes grew 5.2 per cent to 31.5 billion, but this was almost entirely driven by on-net calls (within the same network). More significantly, SMS traffic declined to 14.4 billion messages from 14.7 billion in the previous quarter.

The CA attributes this directly to the displacement of traditional telco services by Over-The-Top (OTT) platforms. “SMS traffic declined… probably due to growing uptake of internet-based messaging services,” the report states. WhatsApp, Telegram, and Signal, all of which run on the smartphone data connections driving the 12 per cent consumption growth, are effectively edging out legacy SMS revenue stream.

Minutes of Use (MoU) per subscription per month increased to 133.9 minutes, up from 127.5 minutes in the previous quarter. But the number of SMS sent per subscriber fell to 61.1 from 62.4. For MNOs, voice and SMS are turning into low-margin utilities, while data bundles and value-added services (mobile money, cloud storage, streaming partnerships) represent viable growth vectors.

Market share across Kenya’s mobile industry

The competitive structure of Kenya’s telecom market remained largely unchanged. Regional giant Safaricom PLC maintained its dominant position with a 66.8 per cent share of mobile subscriptions, 64.3 per cent of mobile broadband, and 89.0 per cent of mobile money.

However, the fixed data segment, which is increasingly vital for enterprise cloud services, remote work, and streaming, a new pertan is emerging. Total fixed data/internet subscriptions grew by 7.4 per cent to 2.46 million.

Safaricom led with 858,394 subscriptions (34.9 per cent market share), but rival Jamii Telecommunications Limited (JTL) surged to second place with 494,150 (20.1 per cent), followed by Wananchi Group (Zuku) at 272,802 (11.1 per cent) and Poa Internet Kenya at 263,305 (10.7 per cent).

Notably, Ellon Musk’s Starlink Internet Services Kenya entered the top ten for the first time, recording 22,282 fixed satellite subscriptions (0.9 per cent market share) just months after receiving operating approval. Elon Musk’s low-earth-orbit satellite service poses a direct challenge to both fibre providers and the slow rollout of fixed wireless access by incumbent MNOs.

Roaming and international traffic signal

The watchdog’s data also contained early signs of a recovery in regional travel and trade. In-bound roaming voice traffic (visitors to Kenya) grew 5.4 per cent to 191.6 million minutes, while out-bound roaming voice traffic (Kenyans travelling abroad) edged up 0.3 per cent to 156.8 million minutes.

Traffic from and to East African Community (EAC) countries accounted for 68.5 per cent of incoming international mobile voice minutes and 71.0 per cent of outgoing minutes. Uganda and Tanzania remained the dominant roaming corridors, consistent with their status as Kenya’s largest regional trade partners.

Kenya’s digital economy faces test from cyber threats

The CA’s Q2 2025/2026 report presents two parallel realities. On one hand, Kenya is finally realising the long-promised dividends of digital investment: smartphone penetration is accelerating, 5G users are consuming data at rates that justify further infrastructure spending, and fixed broadband competition is driving down prices for consumers.

On the other hand, the 441 per cent surge in cyber threats is a flashing red light. A digital economy built on mobile money, digital IDs, and AI-driven services cannot function without public trust in the security of those systems. The 4.56 billion threat events logged in a single quarter suggest that trust is not yet backed by adequate protection.

For policymakers at the CA and the Ministry of Information, Communications and the Digital Economy, the priority is no longer simply expanding coverage or lowering data prices. It is ensuring that the networks Kenyans increasingly rely on for banking, healthcare, education, and commerce are resilient enough to withstand the next wave of AI-powered attacks, because if the Q2 data is any guide, that wave has already arrived.