It has now emerged that over 2.5 billion cyber-attacks targeting various systems in the country were carried out between January and March of 2025.
The shocking details are contained in the Cyber Shujaa Industry Report 2025, which further reveals a dangerous shortage of trained experts to defend the country’s systems.
According to the report, universities in the country are only producing an average of 1,500 graduates in the cybersecurity space against 45,000 jobs available.
Follow The Standard
channel
on WhatsApp
Even more worrying, the report shows, is that most university graduates in the sector lack the skills demanded by industry.
The Communications Authority (CA) issued 13.2 million advisories during this period, with banks, telecom firms and government systems among the hardest hit.
Criminals are taking advantage of weak passwords, unpatched software and poorly secured networks to breach systems.
Yet as the threats multiply, Kenya does not have enough professionals to fight back.
READ: We must be vigilant in combating cyber attacks
The report notes that while the region has an estimated 45,000 cybersecurity jobs available, universities are producing only about 1,500 graduates each year.
Dr. Paula Musuva, Curriculum and Training Director at Cyber Shujaa, noted that the findings point to a persistent and global shortage of cybersecurity professionals that is now being felt acutely in Kenya.
“On the supply side, many young people struggle to find jobs despite the growing demand for digital skills. On the demand side, companies often compete for the limited number of skilled professionals, leading to a talent gap,” she noted.
Musuva warned that with cyber threats on the rise, addressing the gap is more urgent than ever.
This leaves a crippling 96 per cent skills gap that is widening as cyber criminals become more sophisticated.
The shortage is most severe in highly specialised areas. Organisations are struggling to recruit experts in digital forensics and incident response — crucial for investigating and recovering from attacks.
READ: Ministry warns of growing cyber attacks on government
Software security architects and cloud security specialists are also in high demand but are not readily available in the market as businesses rush to digitise.
A shortage of DevSecOps engineers, who integrate security into software development, further complicates the situation.
The report also highlights the scarcity of ethical hackers — professionals tasked with exposing vulnerabilities before criminals exploit them.
The report warns that this lack of expertise leaves companies “wide open” and unable to predict or prevent threats, exposing them to massive financial and operational losses.
Employers further complain of a mismatch between university training and the skills needed in the workplace.
The most critical gaps include knowledge of cybersecurity law, digital forensics and malware analysis.
This mismatch means that despite thousands of vacancies, more than a third of cybersecurity graduates remain jobless.
While most lecturers believe their students graduate job-ready, companies say many lack the technical know-how and soft skills demanded by the industry.
Data Commissioner Immaculate Kassait, who addressed graduates during the launch of the report, described the shortage of skills as a national security threat.
“We are no longer fighting wars on physical borders. That has shifted. The war has moved to cyberspace. Every single day we are confronted by cybersecurity threats — and those entering this field carry a responsibility almost as heavy as doctors and nurses caring for patients in intensive care,” she said.
Kassait stressed that cybersecurity and data protection must always go hand in hand.
“Cybersecurity focuses on protecting systems from attack, while data protection ensures that personal information is handled with dignity and fairness. Neither can exist in isolation,” she noted.
She added that Kenya must now move from simply complying with legal requirements to building “a culture of privacy by design and by default,” embedding safeguards from the very beginning of digital projects.
The report also highlights a glaring gender gap in the field.
ALSO READ: Rising cyber-attacks leave firms with huge losses
Globally, women hold only a quarter of cybersecurity jobs, and in Kenya, more than a third of organisations report having no women at all in their security teams.
Even those who enter the profession often drop out, with studies showing that half of women eventually leave tech careers altogether. Kassait praised the Cyber Shujaa program for raising female participation to 41 per cent and urged the sector to aim higher.
“No country can afford to leave half of its talent behind. Kenya’s digital workforce must reflect Kenya’s diversity,” she said.
The findings were unveiled during the graduation of 1,000 trainees under the Cyber Shujaa Program, an initiative that is trying to close the gap.
Over the past three years, the program has trained more than 3,000 young people and placed over 2,000 into cybersecurity jobs, boasting a placement success rate above 90 per cent.
But as the cost of data breaches climbs and hackers increasingly deploy artificial intelligence to outsmart defences, experts say efforts must go beyond isolated programs.
Kassait called for mainstreaming cyber skills in national development, expanding opportunities outside Nairobi, and scaling up gender inclusion initiatives such as Women in Cyber.
“Cybersecurity is not an afterthought. It is a foundation of trust,” she said.
Follow The Standard
channel
on WhatsApp
It has now emerged that over 2.5 billion cyber-attacks targeting various systems in the country were carried out between January and March of 2025.
The shocking details are contained in the Cyber Shujaa Industry Report 2025, which further reveals a dangerous shortage of trained experts to defend the country’s systems.
According to the report, universities in the country are only producing an average of 1,500 graduates in the cybersecurity space against 45,000 jobs available.
Follow The Standard
channel
on WhatsApp
Even more worrying, the report shows, is that most university graduates in the sector lack the skills demanded by industry.
The Communications Authority (CA) issued 13.2 million advisories during this period, with banks, telecom firms and government systems among the hardest hit.
Criminals are taking advantage of weak passwords, unpatched software and poorly secured networks to breach systems.
Yet as the threats multiply, Kenya does not have enough professionals to fight back.
READ:
We must be vigilant in combating cyber attacks
The report notes that while the region has an estimated 45,000 cybersecurity jobs available, universities are producing only about 1,500 graduates each year.
Dr. Paula Musuva, Curriculum and Training Director at Cyber Shujaa, noted that the findings point to a persistent and global shortage of cybersecurity professionals that is now being felt acutely in Kenya.
“On the supply side, many young people struggle to find jobs despite the growing demand for digital skills. On the demand side, companies often compete for the limited number of skilled professionals, leading to a talent gap,” she noted.
Musuva warned that with cyber threats on the rise, addressing the gap is more urgent than ever.
This leaves a crippling 96 per cent skills gap that is widening as cyber criminals become more sophisticated.
The shortage is most severe in highly specialised areas. Organisations are struggling to recruit experts in digital forensics and incident response — crucial for investigating and recovering from attacks.
Stay informed. Subscribe to our newsletter
READ:
Ministry warns of growing cyber attacks on government
Software security architects and cloud security specialists are also in high demand but are not readily available in the market as businesses rush to digitise.
A shortage of DevSecOps engineers, who integrate security into software development, further complicates the situation.
The report also highlights the scarcity of ethical hackers — professionals tasked with exposing vulnerabilities before criminals exploit them.
The report warns that this lack of expertise leaves companies “wide open” and unable to predict or prevent threats, exposing them to massive financial and operational losses.
Employers further complain of a mismatch between university training and the skills needed in the workplace.
The most critical gaps include knowledge of cybersecurity law, digital forensics and malware analysis.
This mismatch means that despite thousands of vacancies, more than a third of cybersecurity graduates remain jobless.
While most lecturers believe their students graduate job-ready, companies say many lack the technical know-how and soft skills demanded by the industry.
Data Commissioner Immaculate Kassait, who addressed graduates during the launch of the report, described the shortage of skills as a national security threat.
“We are no longer fighting wars on physical borders. That has shifted. The war has moved to cyberspace. Every single day we are confronted by cybersecurity threats — and those entering this field carry a responsibility almost as heavy as doctors and nurses caring for patients in intensive care,” she said.
Kassait stressed that cybersecurity and data protection must always go hand in hand.
“Cybersecurity focuses on protecting systems from attack, while data protection ensures that personal information is handled with dignity and fairness. Neither can exist in isolation,” she noted.
She added that Kenya must now move from simply complying with legal requirements to building “a culture of privacy by design and by default,” embedding safeguards from the very beginning of digital projects.
The report also highlights a glaring gender gap in the field.
ALSO READ:
Rising cyber-attacks leave firms with huge losses
Globally, women hold only a quarter of cybersecurity jobs, and in Kenya, more than a third of organisations report having no women at all in their security teams.
Even those who enter the profession often drop out, with studies showing that half of women eventually leave tech careers altogether. Kassait praised the Cyber Shujaa program for raising female participation to 41 per cent and urged the sector to aim higher.
“No country can afford to leave half of its talent behind. Kenya’s digital workforce must reflect Kenya’s diversity,” she said.
The findings were unveiled during the graduation of 1,000 trainees under the Cyber Shujaa Program, an initiative that is trying to close the gap.
Over the past three years, the program has trained more than 3,000 young people and placed over 2,000 into cybersecurity jobs, boasting a placement success rate above 90 per cent.
But as the cost of data breaches climbs and hackers increasingly deploy artificial intelligence to outsmart defences, experts say efforts must go beyond isolated programs.
Kassait called for mainstreaming cyber skills in national development, expanding opportunities outside Nairobi, and scaling up gender inclusion initiatives such as Women in Cyber.
“Cybersecurity is not an afterthought. It is a foundation of trust,” she said.
Follow The Standard
channel
on WhatsApp
By Lewis Nyaundi