Kenya, June 28 -- Kenyan banks are facing a big problem because there aren't enough cybersecurity experts. This makes it hard for them to protect themselves from increasing cyber threats, even though they spend a lot of money up to Sh600 million ($4.6 million) each year on cybersecurity, according to a recent survey by the Central Bank of Kenya (CBK).
The survey shows that there aren't many skilled workers available and that training them costs a lot, which makes it difficult for banks to put in place strong safety measures.
As a result, these banks are at risk of attacks like phishing (where hackers trick people into giving them sensitive information), ransomware (where they lock up a computer and demand money to unlock it), and threats driven by artificial intelligence (AI).
As Kenya's digital economy grows, the lack of cybersecurity skills has led to calls for better training programs and changes in regulations to protect the financial sector.
The CBK survey looked into how well banks are following its 2017 Cybersecurity Guidelines. It found that Kenyan banks spend between Sh19 million ($147,000) and Sh600 million each year on things like software, testing for vulnerabilities, and training staff.
However, only 68% of banks have fully set up Security Operations Centres (SOCs). Here, 29% are still in the process of setting them up, and 3% have no plans at all.
A third of the banks still rely on old manual systems to monitor threats, which doesn't work well because these systems can't catch problems in real time.
The CBK mentioned that one of the big issues is the high cost of hiring and keeping cybersecurity experts. Kenya needs between 40,000 and 50,000 cybersecurity workers but only has around 1,700 to 2,000.
This shortage makes it tough for banks to compete with fintech companies and Big Tech firms that offer more attractive salaries.
The Communications Authority of Kenya reported a 202% increase in cybercrime incidents, with 2.5 billion threats detected in just the first quarter of 2025.
This shows that cybercriminals are becoming more advanced. For example, a serious hack in July 2024 stole 18 GB of data, highlighting the urgent need for better security.
Getting certified in cybersecurity can be very expensive, which adds more pressure on bank budgets. Universities and training centers in Kenya are struggling to produce graduates who are ready for the job. Often, cybersecurity training is only available at postgraduate levels, not for younger students.
An ICT lecturer, John Walubengo, pointed out that other IT fields get more attention in schools, not cybersecurity. This leads to not enough talent available to meet the needs of banks, especially with advanced threats like ransomware-as-a-service (RaaS).
The CBK plans to update its 2017 guidelines to address new risks like AI and mobile money fraud, but banks are worried this could mean higher costs to stay compliant.
Half of the banks surveyed do not fully meet current rules, facing issues like not enough staff and outdated tools.
Experts suggest that banks should invest in AI tools to detect threats and collaborate with outside companies to fill the skills gap. "Partnerships give access to special skills and technologies," said DashDevs, emphasizing the need for ongoing monitoring to fight against new threats.
The International Monetary Fund (IMF) and the World Bank have called for stronger national cybersecurity strategies. Meanwhile, the Kenyan government has set up a reform task force to find a balance between security and privacy.
As banks deal with these challenges, closing the skills gap is very important to protect customer data and keep trust in the financial system.
Published by HT Digital Content Services with permission from Bana Kenya.