Kenya’s digital inhabitants is very energetic on-line, broadly conscious of the nation’s information safety framework, and deeply anxious about cybercrime. But consciousness has not totally translated into protecting behaviour, and monetary losses from cyber incidents are widespread.
GeoPoll performed this survey throughout Kenya in April 2026 to know how odd individuals expertise the digital safety panorama, from consciousness of authorized protections to the safety incidents they’ve personally encountered. Most respondents use the web a number of occasions a day, primarily by means of smartphones. Social media is near-universal. Cell cash platforms like M-Pesa sit on the coronary heart of each day monetary life, and, as the information reveals, on the coronary heart of fraud publicity too.
- 73% are conscious of Kenya’s Information Safety Act (2019), Practically three in 4 Kenyans have heard of the Information Safety Act, 2019, a powerful consequence for a legislation enacted simply over 5 years in the past. Consciousness is highest amongst city,
- 37% Misplaced cash because of a cyber-related incident. A couple of in three respondents suffered direct monetary loss from a cyber incident over the previous 12 months. Cell cash fraud and phishing are the first vectors. Male respondents usually tend to report losses (40%) than ladies (34%)
- 90% Concerned about studying extra about cybersecurity. 9 in ten respondents wish to be taught extra about cybersecurity, a degree of demand that’s genuinely distinctive and represents a transparent mandate for private and non-private sector schooling initiatives.
- 69% Very involved about cybercrime in Kenya. Cybercrime concern is near-universal, with 69% ‘very involved’ and an additional 16% ‘considerably involved’ that means 85% of all respondents specific important fear concerning the risk.
75% of respondents are uncomfortable sharing private data on-line, but over half commonly share their cellphone quantity and e mail handle on digital platforms.
Kenya is on-line, and it’s mobile-first
Practically 9 in ten respondents entry the web a number of occasions a day. The smartphone dominates, and social media is the near-universal digital entry level.
Social media dominates at 88%, according to Kenya’s place as considered one of Africa’s most energetic social media markets. E mail (42%) and on-line banking (32%) observe, with e-commerce at simply 2%, a sign that cell cash platforms have successfully absorbed the transactional position that on-line retail occupies elsewhere. The smartphone is the gateway to all of this: 79% of respondents cite it as their main web system. This isn’t a brand new development however an accelerating one, Kenya’s mobile-first web economic system has been constructed on the again of sub-$100 Android handsets and aggressive cell information pricing from operators like Safaricom, Airtel, and Telkom.
Web entry is intensive somewhat than occasional. 87% of respondents join a number of occasions each day, which implies Kenyan customers are repeatedly uncovered to the digital atmosphere, and to its dangers. Understanding cybersecurity for Kenyan customers is just not about defending a tool that will get used as soon as every week. It’s about securing the device that manages cash, communication, enterprise, and social life across the clock.
Excessive DPA consciousness, however understanding lags behind
The Information Safety Act, 2019 got here into power on 25 November 2019, making Kenya one of many first nations in East Africa to undertake complete information safety laws modelled on the EU’s GDPR. Enforced by the Workplace of the Information Safety Commissioner (ODPC), the Act offers each Kenyan the fitting to know what private information is held about them, how it’s used, and the fitting to have it corrected or deleted. In 2025 alone, Kenyan organisations paid over KES 30 million in compensation to people for privateness violations, signalling that enforcement is intensifying. 
73% of respondents have heard of Kenya’s Information Safety Act (2019). Nevertheless, self-reported understanding of how firms use private information tells a extra nuanced story.
That 73% of our respondents have heard of the Act is an encouraging headline. However consciousness is just not the identical as understanding — solely 36% say they perceive ‘very nicely’ how firms use their private information, and 28% say they don’t perceive it very nicely in any respect. This hole between realizing a legislation exists and understanding its sensible implications for one’s personal digital behaviour is exactly the house the place exploitation occurs.
Social media is overwhelmingly the main supply of knowledge safety schooling at 77%, almost double information and conventional media (44%). Authorities campaigns attain solely 14%, suggesting official public schooling efforts have important room to develop. Amongst males, DPA consciousness is barely larger at 76% vs. 70% amongst ladies, pointing to a modest however significant gender hole in formal digital literacy publicity that focused interventions might handle.
Sharing Private Information On-line
Most Kenyans specific discomfort sharing private information on-line, but the information they routinely share tells a distinct story.
There’s a placing disconnect between expressed discomfort and precise behaviour on this information. Three quarters of respondents say they aren’t comfy sharing private data on-line, but cellphone numbers (52%) and e mail addresses (51%) are shared routinely. Photographs and movies are shared by 32%. This isn’t essentially hypocrisy, it displays the sensible actuality that many digital companies in Kenya, from ride-hailing to meals supply to cell banking, require private information as a situation of use. The discomfort is actual, however the trade-off feels unavoidable.
Extra delicate classes, location information, nationwide ID numbers, and monetary particulars, are shared by simply 13% and 1% respectively. This implies respondents do draw a significant line round their most delicate identifiers, even when contact particulars move freely. The 13% who share location information commonly are notably uncovered, given how exactly location can be utilized to allow focused crime.
The excessive price of privateness coverage studying (56% all the time learn them) is a optimistic discovering. Nevertheless, analysis persistently reveals a spot between claiming to learn insurance policies and really studying them with comprehension. The true take a look at of engagement with privateness notices is whether or not individuals change their behaviour primarily based on what they learn, which requires insurance policies which are understandable within the first place.
Cybercrime is just not a distant risk, it’s private
The size of cell cash fraud in Kenya is not only anecdotal, it’s structural. Over 30 million Kenyans use M-Pesa commonly, and the platform processes greater than $50 billion yearly. This ubiquity creates an unlimited assault floor. In line with Techweez, Cell banking fraud instances surged 87% between 2023 and 2024, pushed by SIM-swap schemes, credential theft, and social engineering assaults. Between July and September 2025 alone, Kenya recorded an estimated KES 29.9 billion (roughly US$230 million) misplaced to cybercrime. 
Our survey discovered that 54% of respondents have skilled cell cash fraud, a determine that locations this squarely within the class of endemic danger somewhat than edge case. A 2021 FinAccess survey equally discovered that cell cash customers who reported dropping cash had risen from 8.4% in 2019 to 47.4% by 2021, although that determine consists of unintentional transfers. What’s constant throughout information sources is that cell cash fraud in Kenya is pervasive, rising, and deeply tied to on a regular basis monetary life.
37% of our respondents have personally misplaced cash to a cyber incident previously 12 months. Male respondents usually tend to report monetary loss (40% vs. 34% for girls), which can replicate variations in cell monetary exercise, or larger willingness amongst males to reveal losses. Nearly all of victims (74%) misplaced lower than KSh 5,000, a significant however recoverable sum. Nevertheless, 6% report dropping greater than KSh 50,000, representing a major tail of extreme monetary hurt.
Cell cash fraud calls for Kenya-specific responses 54% of respondents report cell cash fraud expertise. It is a risk class largely absent from international cybersecurity frameworks, pushed by SIM-swap schemes and social engineering that exploit the very platforms underpinning Kenya’s monetary inclusion story.
Belief in firms and confidence in Kenya’s information legal guidelines
Robust passwords are the most typical protecting measure at 78%, however the determine that stands out is two-factor authentication at 52%. That is considerably larger than international averages, and nearly actually displays Kenyan customers’ repeated publicity to 2FA by means of M-Pesa, cell banking apps, and fintech companies. Safety habits that emerged out of economic necessity have turn into extra generalised, a uncommon instance of cell cash’s safety structure having optimistic spillover results on person behaviour.
On the identical time, rising authentication traits recommend that even these sturdy habits could proceed to evolve. As highlighted on this BBC article on passkeys and the way forward for authentication, there’s a rising international shift away from conventional passwords towards passwordless programs similar to passkeys, that are designed to be safer and proof against phishing. These applied sciences construct on the identical rules that made two-factor authentication profitable, layered safety and person verification,however purpose to take away friction whereas bettering safety. In markets like Kenya, the place customers are already accustomed to multi-step verification by means of cell monetary companies, the transition to passwordless authentication could also be smoother and quicker than in areas the place such behaviours are much less entrenched.
On institutional belief, solely 47% of respondents belief firms, both utterly or considerably, to guard their private information. The biggest single group (33%) is impartial, which seemingly displays uncertainty somewhat than confidence. On legislation effectiveness, 59% view Kenya’s information safety legal guidelines as a minimum of considerably efficient, and 36% are sceptical. Notably, a 2025 modification invoice proposed growing the monetary penalties below the DPA from ‘whichever is decrease’ to ‘whichever is larger’ for big organisations, which might considerably improve regulatory publicity for non-compliant firms, and should start to shift public belief if enforcement turns into extra seen.
A inhabitants able to be taught
90% of respondents expressed curiosity in studying extra about information safety and cybersecurity. That is a rare degree of expressed demand, and it interprets straight into a chance. The query is just not whether or not Kenyans wish to be educated on this matter, however whether or not the schooling on provide meets them the place they’re, within the format they like, and on the degree of sensible actionability they want.
Social media leads as the popular channel at 83%, which aligns with the place individuals are already encountering details about information safety. Campaigns on WhatsApp, TikTok, Instagram, and X that use short-form video, relatable eventualities, and native language are more likely to obtain the best penetration. TV and radio stay necessary at 57%, notably in peri-urban and rural areas the place information prices stay a barrier to heavy smartphone use. In line with the Communications Authority of Kenya, web penetration in rural areas nonetheless trails city entry considerably, making broadcast media a essential complementary channel. 
Faculty schooling (39%) and office coaching (23%) additionally function prominently, suggesting urge for food for extra structured, credentialed types of digital literacy schooling past the scroll-and-watch mannequin of social media. That is notably related for policymakers designing Kenya’s long-term digital abilities agenda, cybersecurity schooling that begins in secondary faculty and is bolstered by means of employer-led programmes is more likely to compound in influence over time in ways in which social media campaigns can’t.
Social media is the logical start line 83% desire social media campaigns and 77% already discovered about information safety by means of social platforms. Campaigns that meet Kenyans on WhatsApp, TikTok, and Instagram — in Swahili and English — can have the best attain.
Key Takeaways
- Cybercrime publicity is near-universal 61% have skilled phishing, 54% cell cash fraud, 31% account hacking. 75% know somebody personally who has been a sufferer. This isn’t a marginal danger, it’s mainstream.
- The notice–behaviour hole is actual Excessive DPA consciousness and expressed warning about information sharing coexist with widespread sharing of contact particulars and important password reuse. Training should transfer from consciousness to actionable behaviour change.
- Cell cash fraud wants tailor-made coverage responses The size of cell cash fraud marks Kenya as a definite risk atmosphere. Generic cybersecurity frameworks are inadequate. Trade-level responses from the Central Financial institution of Kenya, Safaricom, and telecom operators are wanted.
- Demand for schooling is a real alternative 90% wish to be taught extra. Organisations and platforms that put money into accessible, sensible cybersecurity content material in native languages can be assembly a clearly acknowledged public want.
- Institutional belief should be earned by means of enforcement Solely 47% belief firms with their information. Because the ODPC steps up enforcement and the DPA modification invoice progresses, seen accountability actions can be important to rebuild public confidence.
Methodology/About this Survey
This Unique Survey was powered by GeoPoll’s AI platform; Tuucho run by way of the GeoPoll cell utility and Cell net in Kenya, the pattern dimension was 1,813, composed of random customers between 18 and 50. Because the survey was randomly distributed to an and the outcomes are barely skewed in direction of youthful respondents, and concrete residents (59% city, 24% rural, 17% peri-urban) and gender: 50% feminine, 50% male. All questions had been self-administered by way of cell survey in English. Response charges and regional weights can be found on request.
The examine got down to perceive how on a regular basis Kenyan web customers understand and expertise the digital safety panorama — masking consciousness of Kenya’s Information Safety Act, attitudes towards private information sharing, the prevalence and monetary influence of cyber incidents, belief in firms and authorities to safeguard information, and urge for food for additional schooling on cybersecurity. With Kenya’s mobile-first digital economic system making platforms like M-Pesa central to each day monetary life, the survey was designed to seize not simply normal cybersecurity sentiment however the particular threats and behaviours shaping the expertise of a inhabitants navigating considered one of Africa’s most dynamic, and most uncovered digital environments.
Please get in contact with us to get extra particulars about our capabilities, discover extra on numerous matters in Africa, Asia, and Latin America.
