In an era when digital transformation is rapidly reshaping business landscapes, cybersecurity has emerged as an essential pillar for both operational resilience and customer trust. This core theme was at the heart of the Safaricom Cybersecurity Summit, which convened amid a backdrop of rising cyberattacks in Africa.

As cyberattacks on financial systems continue to intensify, the summit, held during October’s Cybersecurity Awareness Month, addressed the urgent need for stronger defences.

The event brought together a diverse group of industry stakeholders, including policymakers, security experts and business leaders, to engage in critical discussions around the evolving cybersecurity landscape.

Themed “Secure Innovation, Unstoppable Growth for Kenyan Financial Services”, the summit hosted nearly 500 industry leaders and professionals. It served as a platform for examining prevalent and emerging cyber threats, exploring industry best practices, and spotlighting Safaricom’s suite of trusted, tech-driven solutions designed to safeguard Kenyan businesses.

Dedicated to empowering organisations

Safaricom CEO Peter Ndegwa opened the summit by highlighting the company’s dedication to empowering organisations through innovative cybersecurity solutions.

“At Safaricom, we continue to provide a variety of solutions that connect, protect, enable and transform business, ensuring business continuity even in the face of cyberattacks,” he said. “We offer security advisory, network security, online/data/web security, cybersecurity operations and physical security that includes a video surveillance system. We also have an enhanced cloud solution and reliable connectivity and payment services.”

Nicholas Mulila, Safaricom’s Chief Corporate Security Officer, emphasised the dual nature of innovation and security. “We have innovations that transform the way we do business and the way we live, and therefore, as those innovations are coming through, we also have a great duty to support that innovation.” The only way we can support that innovation is to make sure that it is safe, secure and private, he said.

AI – a double-edged sword

One of the summit’s focal topics was the future of digital payments security in an era increasingly influenced by artificial intelligence (AI).

AI, while presenting significant opportunities in threat detection and automated responses, also poses risks, delegates heard. These include incorrect identification of legitimate threats and manipulation by cybercriminals. Addressing these risks requires a balanced approach that combines AI with human oversight and traditional security measures.

More personalised, targeted attacks

Balagopal Ramakrishnan from SISA Information Security highlighted the urgent need for securing digital transactions, saying, “The easiest target today is the financial industry.”

He noted the proliferation of ransomware and phishing attacks that aim to compromise sensitive financial data and assets. “Cybercriminals are increasingly using advanced tactics such as ransomware, phishing and social engineering to infiltrate financial systems. These attacks are becoming more personalised and targeted, aiming to compromise sensitive data and financial assets.

“It is imperative for organisations to leverage emerging technologies to enhance cybersecurity resilience.”

Vulnerability of African businesses

The summit’s timing was crucial. A 2024 Interpol African Cyberthreat assessment report showed that Africa experienced the highest average weekly cyberattacks per organisation in the second quarter of 2024. This worrying trend was largely attributed to the inadequacy of cybersecurity infrastructure, with nearly 90% of African businesses lacking necessary protocols, leaving them vulnerable to attacks.

In Kenya alone, more than 1.1 billion cyberthreat events were detected between April and June 2024, a situation caused by the proliferation of Internet of Things (IoT) devices, insecure system configurations, deprecated software, and the fast-evolving landscape of new technologies such as AI.

Cynthia Kropac, Safaricom’s Chief Enterprise Business Officer, addressed the vulnerabilities faced by micro, small and medium-sized enterprises (MSMEs). “With growing digitalisation globally, MSMEs remain vulnerable to cyberattacks with a lack of understanding of security risks and limited capital allocation to mitigate such threats,” she said. “There is a need to equip MSMEs with knowledge and hands-on training on how to identify and combat cyber threats and become more cyber-resilient.”

Increase in mobile attacks

The summit also touched on the challenges posed by mobile devices. Safaricom connects individuals to information and opportunities, Peter said. Unfortunately, the proliferation of mobile devices has led to increased cyberattacks.

Statistics from December 2023 showed approximately 5.4 million global mobile cyberattacks, a 147% increase compared to December 2022. This underlined the importance of robust cybersecurity measures that Safaricom promotes.

Leading the cybersecurity charge

As Safaricom celebrates 24 years of leveraging technology and innovation, the summit served as a reminder of the ongoing need to raise awareness about mitigating cyber risks. Peter also highlighted Safaricom Business’s commitment to leading the charge in cybersecurity solutions that address the full spectrum of risks associated with digital operations.

Safaricom Business envisions a digitally empowered Kenya where enterprises of all scales can leverage technology not only as a means of survival but also as a pathway to growth.

Ultimately, the Safaricom Cybersecurity Summit underscored the critical role of partnerships, advanced skills and cutting-edge solutions in defending Kenya’s digital economy. From protecting financial systems to securing customer data, the summit covered everything businesses need to stay resilient against evolving threats.

Safaricom earns highest certification in Privacy Information System Management

Safaricom was awarded the prestigious ISO 27701 Privacy Information Management System (PIMS) certificate in October following a comprehensive evaluation by the British Standards Institute (BSI). Safaricom is among the first mobile network operators in the region to attain this certification.

The PIMS certification serves as a validation of Safaricom’s dedication to safeguarding customer data across its GSM and M-PESA services, confirming that the company adheres to globally accepted regulatory and technical standards in the implementation of privacy management systems.

“I would like to applaud the dedicated cross-functional teams whose tireless efforts have made this achievement possible,” said Peter Ndegwa, CEO of Safaricom. “The attainment of the PIMS certification reaffirms our ongoing commitment to continuously improve our privacy and security measures, ensuring we provide exceptional experiences for our customers while safeguarding their private information.”

Additionally, the company recently achieved the latest and highest level of PCI DSS Certification (upgraded from v3.21 to v4.0).