Kenya’s digital inhabitants is extremely lively on-line, broadly conscious of the nation’s knowledge safety framework, and deeply apprehensive about cybercrime. But consciousness has not absolutely translated into protecting behaviour, and monetary losses from cyber incidents are widespread.
GeoPoll carried out this survey throughout Kenya in April 2026 to grasp how extraordinary folks expertise the digital safety panorama, from consciousness of authorized protections to the safety incidents they’ve personally encountered. Most respondents use the web a number of occasions a day, primarily via smartphones. Social media is near-universal. Cellular cash platforms like M-Pesa sit on the coronary heart of every day monetary life, and, as the info reveals, on the coronary heart of fraud publicity too.
- 73% are conscious of Kenya’s Knowledge Safety Act (2019), Practically three in 4 Kenyans have heard of the Knowledge Safety Act, 2019, a powerful outcome for a regulation enacted simply over 5 years in the past. Consciousness is highest amongst city,
- 37% Misplaced cash resulting from a cyber-related incident. Multiple in three respondents suffered direct monetary loss from a cyber incident over the previous 12 months. Cellular cash fraud and phishing are the first vectors. Male respondents usually tend to report losses (40%) than ladies (34%)
- 90% Taken with studying extra about cybersecurity. 9 in ten respondents need to study extra about cybersecurity, a degree of demand that’s genuinely distinctive and represents a transparent mandate for private and non-private sector schooling initiatives.
- 69% Very involved about cybercrime in Kenya. Cybercrime concern is near-universal, with 69% ‘very involved’ and an extra 16% ‘considerably involved’ which means 85% of all respondents categorical vital fear in regards to the menace.
75% of respondents are uncomfortable sharing private data on-line, but over half often share their telephone quantity and e-mail deal with on digital platforms.
Kenya is on-line, and it’s mobile-first
Practically 9 in ten respondents entry the web a number of occasions a day. The smartphone dominates, and social media is the near-universal digital entry level.
Social media dominates at 88%, in step with Kenya’s place as one among Africa’s most lively social media markets. Electronic mail (42%) and on-line banking (32%) comply with, with e-commerce at simply 2%, a sign that cellular cash platforms have successfully absorbed the transactional position that on-line retail occupies elsewhere. The smartphone is the gateway to all of this: 79% of respondents cite it as their major web gadget. This isn’t a brand new pattern however an accelerating one, Kenya’s mobile-first web financial system has been constructed on the again of sub-$100 Android handsets and aggressive cellular knowledge pricing from operators like Safaricom, Airtel, and Telkom.
Web entry is intensive slightly than occasional. 87% of respondents join a number of occasions every day, which suggests Kenyan customers are constantly uncovered to the digital surroundings, and to its dangers. Understanding cybersecurity for Kenyan customers is just not about defending a tool that will get used as soon as per week. It’s about securing the software that manages cash, communication, enterprise, and social life across the clock.
Excessive DPA consciousness, however understanding lags behind
The Knowledge Safety Act, 2019 got here into pressure on 25 November 2019, making Kenya one of many first international locations in East Africa to undertake complete knowledge safety laws modelled on the EU’s GDPR. Enforced by the Workplace of the Knowledge Safety Commissioner (ODPC), the Act provides each Kenyan the correct to know what private knowledge is held about them, how it’s used, and the correct to have it corrected or deleted. In 2025 alone, Kenyan organisations paid over KES 30 million in compensation to people for privateness violations, signalling that enforcement is intensifying. 
73% of respondents have heard of Kenya’s Knowledge Safety Act (2019). Nevertheless, self-reported understanding of how firms use private knowledge tells a extra nuanced story.
That 73% of our respondents have heard of the Act is an encouraging headline. However consciousness is just not the identical as understanding — solely 36% say they perceive ‘very nicely’ how firms use their private knowledge, and 28% say they don’t perceive it very nicely in any respect. This hole between understanding a regulation exists and understanding its sensible implications for one’s personal digital behaviour is exactly the area the place exploitation occurs.
Social media is overwhelmingly the main supply of information safety schooling at 77%, practically double information and conventional media (44%). Authorities campaigns attain solely 14%, suggesting official public schooling efforts have vital room to develop. Amongst males, DPA consciousness is barely larger at 76% vs. 70% amongst ladies, pointing to a modest however significant gender hole in formal digital literacy publicity that focused interventions might deal with.
Sharing Private Knowledge On-line
Most Kenyans categorical discomfort sharing private knowledge on-line, but the info they routinely share tells a special story.
There’s a hanging disconnect between expressed discomfort and precise behaviour on this knowledge. Three quarters of respondents say they aren’t comfy sharing private data on-line, but telephone numbers (52%) and e-mail addresses (51%) are shared routinely. Images and movies are shared by 32%. This isn’t essentially hypocrisy, it displays the sensible actuality that many digital providers in Kenya, from ride-hailing to meals supply to cellular banking, require private knowledge as a situation of use. The discomfort is actual, however the trade-off feels unavoidable.
Extra delicate classes, location knowledge, nationwide ID numbers, and monetary particulars, are shared by simply 13% and 1% respectively. This means respondents do draw a significant line round their most delicate identifiers, even when contact particulars stream freely. The 13% who share location knowledge often are notably uncovered, given how exactly location can be utilized to allow focused crime.
The excessive fee of privateness coverage studying (56% at all times learn them) is a constructive discovering. Nevertheless, analysis constantly reveals a niche between claiming to learn insurance policies and really studying them with comprehension. The true check of engagement with privateness notices is whether or not folks change their behaviour primarily based on what they learn, which requires insurance policies which can be understandable within the first place.
Cybercrime is just not a distant menace, it’s private
The size of cellular cash fraud in Kenya is not only anecdotal, it’s structural. Over 30 million Kenyans use M-Pesa often, and the platform processes greater than $50 billion yearly. This ubiquity creates an enormous assault floor. Based on Techweez, Cellular banking fraud instances surged 87% between 2023 and 2024, pushed by SIM-swap schemes, credential theft, and social engineering assaults. Between July and September 2025 alone, Kenya recorded an estimated KES 29.9 billion (roughly US$230 million) misplaced to cybercrime. 
Our survey discovered that 54% of respondents have skilled cellular cash fraud, a determine that locations this squarely within the class of endemic danger slightly than edge case. A 2021 FinAccess survey equally discovered that cellular cash customers who reported dropping cash had risen from 8.4% in 2019 to 47.4% by 2021, although that determine consists of unintentional transfers. What’s constant throughout knowledge sources is that cellular cash fraud in Kenya is pervasive, rising, and deeply tied to on a regular basis monetary life.
37% of our respondents have personally misplaced cash to a cyber incident prior to now 12 months. Male respondents usually tend to report monetary loss (40% vs. 34% for girls), which can mirror variations in cellular monetary exercise, or larger willingness amongst males to reveal losses. The vast majority of victims (74%) misplaced lower than KSh 5,000, a significant however recoverable sum. Nevertheless, 6% report dropping greater than KSh 50,000, representing a major tail of extreme monetary hurt.
Cellular cash fraud calls for Kenya-specific responses 54% of respondents report cellular cash fraud expertise. This can be a menace class largely absent from world cybersecurity frameworks, pushed by SIM-swap schemes and social engineering that exploit the very platforms underpinning Kenya’s monetary inclusion story.
Belief in firms and confidence in Kenya’s knowledge legal guidelines
Robust passwords are the most typical protecting measure at 78%, however the determine that stands out is two-factor authentication at 52%. That is considerably larger than world averages, and virtually actually displays Kenyan customers’ repeated publicity to 2FA via M-Pesa, cellular banking apps, and fintech providers. Safety habits that emerged out of economic necessity have turn out to be extra generalised, a uncommon instance of cellular cash’s safety structure having constructive spillover results on person behaviour.
On the similar time, rising authentication tendencies counsel that even these sturdy habits could proceed to evolve. As highlighted on this BBC article on passkeys and the way forward for authentication, there’s a rising world shift away from conventional passwords towards passwordless methods similar to passkeys, that are designed to be safer and immune to phishing. These applied sciences construct on the identical ideas that made two-factor authentication profitable, layered safety and person verification,however intention to take away friction whereas bettering safety. In markets like Kenya, the place customers are already accustomed to multi-step verification via cellular monetary providers, the transition to passwordless authentication could also be smoother and quicker than in areas the place such behaviours are much less entrenched.
On institutional belief, solely 47% of respondents belief firms, both utterly or considerably, to guard their private knowledge. The most important single group (33%) is impartial, which seemingly displays uncertainty slightly than confidence. On regulation effectiveness, 59% view Kenya’s knowledge safety legal guidelines as a minimum of considerably efficient, and 36% are sceptical. Notably, a 2025 modification invoice proposed rising the monetary penalties underneath the DPA from ‘whichever is decrease’ to ‘whichever is larger’ for giant organisations, which might considerably improve regulatory publicity for non-compliant firms, and should start to shift public belief if enforcement turns into extra seen.
A inhabitants able to study
90% of respondents expressed curiosity in studying extra about knowledge safety and cybersecurity. That is a rare degree of expressed demand, and it interprets immediately into a chance. The query is just not whether or not Kenyans need to be educated on this subject, however whether or not the schooling on provide meets them the place they’re, within the format they like, and on the degree of sensible actionability they want.
Social media leads as the popular channel at 83%, which aligns with the place persons are already encountering details about knowledge safety. Campaigns on WhatsApp, TikTok, Instagram, and X that use short-form video, relatable eventualities, and native language are prone to obtain the best penetration. TV and radio stay necessary at 57%, notably in peri-urban and rural areas the place knowledge prices stay a barrier to heavy smartphone use. Based on the Communications Authority of Kenya, web penetration in rural areas nonetheless trails city entry considerably, making broadcast media a vital complementary channel. 
Faculty schooling (39%) and office coaching (23%) additionally function prominently, suggesting urge for food for extra structured, credentialed types of digital literacy schooling past the scroll-and-watch mannequin of social media. That is notably related for policymakers designing Kenya’s long-term digital abilities agenda, cybersecurity schooling that begins in secondary college and is strengthened via employer-led programmes is prone to compound in influence over time in ways in which social media campaigns can’t.
Social media is the logical place to begin 83% desire social media campaigns and 77% already realized about knowledge safety via social platforms. Campaigns that meet Kenyans on WhatsApp, TikTok, and Instagram — in Swahili and English — may have the best attain.
Key Takeaways
- Cybercrime publicity is near-universal 61% have skilled phishing, 54% cellular cash fraud, 31% account hacking. 75% know somebody personally who has been a sufferer. This isn’t a marginal danger, it’s mainstream.
- The attention–behaviour hole is actual Excessive DPA consciousness and expressed warning about knowledge sharing coexist with widespread sharing of contact particulars and vital password reuse. Training should transfer from consciousness to actionable behaviour change.
- Cellular cash fraud wants tailor-made coverage responses The size of cellular cash fraud marks Kenya as a definite menace surroundings. Generic cybersecurity frameworks are inadequate. Business-level responses from the Central Financial institution of Kenya, Safaricom, and telecom operators are wanted.
- Demand for schooling is a real alternative 90% need to study extra. Organisations and platforms that spend money on accessible, sensible cybersecurity content material in native languages will probably be assembly a clearly said public want.
- Institutional belief should be earned via enforcement Solely 47% belief firms with their knowledge. Because the ODPC steps up enforcement and the DPA modification invoice progresses, seen accountability actions will probably be important to rebuild public confidence.
Methodology/About this Survey
This Unique Survey was powered by GeoPoll’s AI platform; Tuucho run by way of the GeoPoll cellular software and Cellular net in Kenya, the pattern measurement was 1,813, composed of random customers between 18 and 50. For the reason that survey was randomly distributed to an and the outcomes are barely skewed in the direction of youthful respondents, and concrete residents (59% city, 24% rural, 17% peri-urban) and gender: 50% feminine, 50% male. All questions had been self-administered by way of cellular survey in English. Response charges and regional weights can be found on request.
The examine got down to perceive how on a regular basis Kenyan web customers understand and expertise the digital safety panorama — overlaying consciousness of Kenya’s Knowledge Safety Act, attitudes towards private knowledge sharing, the prevalence and monetary influence of cyber incidents, belief in firms and authorities to safeguard knowledge, and urge for food for additional schooling on cybersecurity. With Kenya’s mobile-first digital financial system making platforms like M-Pesa central to every day monetary life, the survey was designed to seize not simply basic cybersecurity sentiment however the particular threats and behaviours shaping the expertise of a inhabitants navigating one among Africa’s most dynamic, and most uncovered digital environments.
Please get in contact with us to get extra particulars about our capabilities, discover extra on varied matters in Africa, Asia, and Latin America.