Kenya is moving to significantly strengthen its digital defenses with plans to establish a National Cybersecurity Agency, a move the government says will protect citizens’ data, secure public systems, and enhance the country’s standing as a regional leader in cyber resilience.
The announcement was made by ICT and Digital Economy Principal Secretary John Tanui, who confirmed that the proposal has already received Cabinet approval and will soon be tabled in Parliament following consultations with the Ministry of Interior. If approved, the agency will become the central body coordinating Kenya’s response to cyber threats at a time when digital risks are rising globally.
“Cybersecurity is a very important area. It is not a problem of Kenya alone; it is a global challenge,” Tanui said, underscoring the need for strong national structures to protect the country’s expanding digital ecosystem.
Strengthening National Coordination
According to the government, the new agency will play a strategic role in coordinating national responses to cyber incidents, complementing existing institutions such as the Office of the Data Protection Commissioner (ODPC). While the ODPC focuses primarily on personal data protection, the proposed agency will take a broader view—covering government systems, critical infrastructure, and national cyber preparedness.
Tanui emphasized that protecting personal data remains the first line of defense. He credited the ODPC for establishing regional offices and enforcement mechanisms that have helped improve trust in Kenya’s data protection framework, making the country more attractive to investors and digital service providers.
Aligning with Global Standards
A key objective of the National Cybersecurity Agency will be to help Kenya meet international data protection and cybersecurity standards. The government is targeting engagement with the European Union on data adequacy by 2026, a milestone that would signal global trust in Kenya’s data protection regime and open doors for cross-border digital trade.
“Our aim is to reach the level where Kenya can engage Europe on adequacy, meaning our data protection framework is trusted and respected internationally,” Tanui said.
This push aligns with broader global efforts to harmonize cybersecurity and privacy frameworks, an area where advisory and compliance support from firms like Saintynet Cybersecurity is increasingly critical for governments and enterprises alike.
Public Sector Cyber Maturity on the Rise
The government has also been restructuring ICT roles across ministries to embed cybersecurity at the leadership level. Where ICT officers once focused mainly on basic connectivity, every state department now has an ICT directorate led by a director who participates in senior management meetings.
This shift, Tanui noted, has helped Kenya contain cyber incidents without major disruptions—even as large global platforms continue to experience frequent and high-profile attacks.
Cybersecurity as a Jobs Engine
Beyond national security, the planned agency is expected to support workforce development. Tanui highlighted the global shortage of cybersecurity professionals, estimating that more than 1.3 million roles worldwide remain unfilled.
Kenya is encouraging young people to acquire cybersecurity skills, from technical defense roles to governance, risk, and compliance positions. Training and awareness programs—such as those offered through professional platforms and initiatives like Saintynet training and awareness programs—are expected to play a key role in building this talent pipeline.
Why This Matters for Africa and Beyond
While the agency is a national initiative, its impact could extend far beyond Kenya’s borders. The government’s ambition is clear: to make Kenya the go-to destination for cybersecurity expertise in Africa.
“Our expectation is that if someone has a cybersecurity problem in Africa, they should come to Kenya for a solution,” Tanui said, adding that the rise of AI-driven threats will only increase the importance of strong cyber institutions.
For businesses, governments, and digital communities across Africa—and partners in the Middle East and globally—Kenya’s move signals a growing recognition that cybersecurity is not just a technical issue, but a pillar of economic growth, trust, and digital sovereignty.
Recommended Actions for Security Teams and Organizations
- Review national and sector-specific cybersecurity regulations and prepare for new compliance requirements.
- Strengthen data protection programs in line with global standards such as GDPR.
- Invest in cyber risk assessments and incident response planning.
- Improve coordination between IT, legal, and executive leadership on cyber issues.
- Enhance employee cybersecurity awareness and training programs.
- Monitor supply-chain and third-party cyber risks closely.
- Adopt security-by-design principles in digital services.
- Engage with national cybersecurity authorities and information-sharing platforms.
- Prepare for increased regulatory oversight and reporting obligations.
- Build long-term cyber resilience strategies, not just reactive controls.
Conclusion
Kenya’s plan to establish a National Cybersecurity Agency marks a decisive step toward stronger national cyber defenses and international credibility. By improving coordination, aligning with global standards, and investing in skills development, the country is positioning itself not only to protect its digital future, but to lead Africa’s cybersecurity journey.
