Kenya’s National Assembly has approved the National Cybersecurity Agency (NCSA) Order, 2026, clearing the way for a standalone agency to coordinate the country’s cybersecurity response. The government has allocatedKES 4 billion ($31 million) for setup and operations. This development stems from the conflicting roles of different agencies whose activities were overlapping thus creating confusion.
Kenya’s cybersecurity functions are presently split across multiple institutions: theCommunications Authority (CA) of Kenya, the National KE-CIRT/CC, the Kenya Defence Forces, and the National Intelligence Service. Each is handling a piece of the problem without a single body coordinating the whole picture. Think of it like having five fire stations that don’t talk to each other and can’t agree on who responds to which fire. The NCSA is supposed to be the central command that fixes that.
Between January and March 2026, Kenya’s existing system detected 3.37 billion cyber threat events and issued over 20 million advisories. Those aren’t abstract statistics; they represent attacks on the mobile money platforms, e-government systems, hospitals, and telecoms infrastructure that millions of Kenyans use every day.
It’s a good year for cybersecurity: Mozambique is also fast-tracking its own national cyber strategy with Finnish support. African governments built digital infrastructure for a decade without building the defences to protect it. The reckoning is arriving, and Kenya just blinked first.