Zachary Ochuodho @zachuodho
Kenya lost approximately Sh29.5 billion to cyber criminals up from Sh21 billion recorded in a similar period in 2017, a report by Serianu indicates.
According to the report, out of the total amount reportedly lost, Sh885 million was direct loses, while Sh2.06 billion was lost through indirect costs by affected companies.
Serianu Ltd chief executive William Makatiani said indirect costs, which took the lion’s share of total loss, include costs factored in anticipation of cybercrime by companies, such as antivirus software, insurance and compliance.
Makatiani said the financial sector (commercial banks, saccos and insurance firms), mobile phone service providers, betting firms and the government were the most affected sectors.
Losses from computer fraud were estimated at Sh230 million, business email compromises at Sh100 million while cheque fraud stood at Sh70 million with identity theft coming a close fourth at Sh66 million.
“There is a need to sensitise everyone including the youth on what cyber security is and how it can be dealt with,” said Makatiani.
He called on schools to start teaching children about cyber security. He advised the board of directors of companies to set aside a budget for cybersecurity to prevent attacks.
Auditor General Edward Ouko said security is not an IT department issue, but a responsibility of everyone in the country.
He said breaches, leaked documents and cyber security attacks impact the reputation of the organisation and, therefore, it a responsibility that must be shared among employees and CEOs.
Ouko challenged both private and public institutions to identify who the perpetrators are, who in the office is the weakest link in the chain and who in the office is going to take charge to mitigate the risk.
Serianu chief operating officer Joseph Mathenge said cyber criminals have a strong preference for financial institutions.
Mathenge said the drive by organisations to invest more in hack proof systems and processes was gaining momentum, driven partly by compliance to stem losses, protect those organisations’ reputations and institute a greater level of risk management. Yet, software and computers alone are insufficient to curtail the criminal onslaught.
The Cyber Security report by Serianu also revealed that Africa lost Sh350 billion to cyber security with financial institutions being the most affected.
Mathenge decried lack of skilled personnel and poor remuneration as some of the key challenges facing both private and public sector operators in dealing with cyber security threats.