The total number of reported online crimes almost doubled to 3.5 billion in 2024, exacerbated by two new categories of online crimes.     

“These were Brute force attacks, which involve automated, systematic attempts to crack passwords or encryption by trying every possible combination until the correct one is found, and mobile application attacks, which target vulnerabilities in mobile apps to compromise user data or disrupt services,” says the report. 

According to the Economic Survey 2025, which sourced information from the Communication Authority of Kenya, Kenyans reported 127.8 million Brute force attacks and 526,400 mobile application attacks in 2024.

Other reported crimes include Malware, Botnet/DDoS, Web Application Attacks, and System Vulnerabilities.   

Malware (malicious software) is designed to harm, exploit, or perform unauthorised actions on computers, networks, or devices to steal data, disrupt operations, spy on users, or gain control of systems, such as Viruses and Spyware. 

Botnets refer to a network of compromised computers or devices (called bots or zombies) infected with malware and controlled remotely by a cybercriminal.  

A DDoS attack occurs when a botnet floods a target system, from many devices at once, often globally spread, such as a server, with massive amounts of traffic, overwhelming it and making it unavailable to legitimate users. 

In addition, the country reported an increase in cybersecurity advisories by 48. per cent to 39 million in 2024. 

Mitigation steps 

Cybersecurity advisories provide important information about a cyber threat, vulnerability, or security incident. They often include their description, potential impact on systems, mitigation steps, and technical details, such as affected software versions, indicators of compromise (IOCs), or patches. 

Cybersecurity advisories are typically issued by organisations like government agencies, security vendors, and industry-specific ISACs (Information Sharing and Analysis Centres). 

“Malware advisories more than doubled from 1.1 million in 2023 to 2.5 million in 2024, while website application attack advisories more than tripled from about 3.9 million in 2023 to 13.6 million in 2024,” according to the report. 

“Conversely, advisories related to system vulnerabilities declined by 11.3 per cent while those for Botnets/DDoS attacks dropped by 28 per cent in 2024,” the report adds. 

Notwithstanding the above, the country marked growth in the ICT penetration trends measured against the total population and the population aged three years and above from 2020 to 2024 due to increased reliance on mobile data services for internet access and the entrance of new high-capacity satellite services.  

For instance, mobile-cellular telephone subscriptions per 100 inhabitants rose from 129.5 in 2023 to 136.1 in 2024, while wireless internet subscriptions per 100 inhabitants grew from 99.6 in 2023 to 107.9 in 2024.  

Further, as an indication of the enhanced national bandwidth availability, wireless and fixed internet penetrations per 100 inhabitants stood at 110.3 in 2024 from 101.6 in 2023, while Bits per second per capita (Bps/person) surged from 223,800 in 2023 to about 26.8 million. 

However, the practical impact of enhanced national bandwidth availability on average users may be constrained by affordability and accessibility, as some services are subscription-based and targeted at niche markets. 

Subscriptions increased 

On the other hand, wireless broadband penetration per 100 inhabitants, which includes Wi-Fi, Satellite broadband, mobile broadband, and fixed wireless, rose to 83.6 from 71.4 in 2023, while fixed and wired broadband subscriptions increased to 86.0 in 2024 from 73.4 in 2023.  

The report also highlights a widening in mobile money usage subscriptions per 100 inhabitants, alongside the population aged three years and above, but with slightly higher per capita values in mobile and internet subscriptions.  

“Mobile money usage subscriptions per 100 inhabitants expanded to 80.7 in 2024 from 73.8 in 2023,” stated the report.