Cybersecurity law, forensics top Kenya’s most key skill shortages
In the first quarter of 2025, Kenya recorded a staggering 201.7 per cent rise in cyber-attacks.
A skills study has found Cybersecurity/Information Security Law to be the most critically-lacking skill, followed by Digital Forensics, amid rising online attacks.
The industry research by Usiu-Africa, which evaluated employers, faculty and graduates, established a mismatch between what young people are taught and what the industry needs.
Other critically lacking skills are Malware Analysis, Cryptography, Software Security and Cloud Security, underscoring emerging challenges in modern technology.
“The prominence of legal and forensic skills at the top suggests a need for interdisciplinary curricula that integrate law, ethics and digital forensics to bridge gaps, particularly as cyber threats increase,” said Kenya Bankers Association Institute (KBA) manager Bernice Onyango.
The research – “Bridging the Cybersecurity Skill Gap: Aligning Training with Industry Expectations” – was conducted in collaboration with industry consulting experts Serianu Ltd, KBA and Usiu-Africa, with financing from the Challenge Fund for Youth Employment (CFYE).
In the first quarter of 2025, Kenya recorded a staggering 201.7 per cent rise in cyber-attacks, reaching an all-time high of 2.5 billion incidents, according to the Communications Authority of Kenya (CA).
This means every Kenyan was attacked up to 50 times in just three months.
Meanwhile, youth unemployment in Kenya stands at 39 per cent, the highest in East Africa, even as thousands of cybersecurity roles remain unfilled.
During the same period, the CA issued 13.2 million cybersecurity advisories targeting key sectors, including finance, telecommunications and government systems.
The sharp rise in attacks was largely driven by the exploitation of system vulnerabilities like unpatched software, weak passwords, outdated encryption methods and poorly secured network configurations.
There was also a notable increase in attacks on web applications and online platforms.
This highlights the challenge employers face when recruiting talent to support this critical and evolving area of cybersecurity.
Cybersecurity
To remedy the gap, Serianu, Usiu-Africa, KBA and CFYE unveiled Cyber Shujaa in March 2022 – a youth-focused cybersecurity and data protection skilling initiative that has since trained at least 2,900 young people and placed more than 2,000 graduates in jobs.
“Cyber Shujaa is more than just a programme, it’s a national movement that reflects Kenya’s readiness to confront the reality of an interconnected digital economy,” said Immaculate Kassait of the Office of the Data Protection Commissioner (ODPC).
She made the remarks during the fifth graduation ceremony of the Cyber Shujaa programme at Usiu-Africa, where 1,000 youth were awarded certificates.
The graduates are expected to help bridge the cybersecurity professionals gap, with ISC’s Cybersecurity Workforce Study showing a shortage of 4.8 million cybersecurity professionals worldwide in 2024.
This means that even advanced markets are still struggling to recruit and retain the talent needed to support this critical and evolving field.
In Kenya, services are increasingly online, from M-Pesa to e-Citizen, with everything going digital.
This comes with challenges. Utilities, for instance, need personnel to manage accounts, settle bills, process complaints and maintain customer data. With every transaction, a trail of personal data is created, underscoring the need for safeguards.
“Every digital platform we roll out is only as strong as the people protecting it, and here lies our greatest challenge: the skills gap,” said ICT Authority Deputy Director Phillip Irode.
