Nairobi — Kenya recorded a plunge in cyber threats in the first quarter of the financial year, with attacks falling 81.6 percent to 842.3 million incidents, new data from the Communications Authority (CA) shows.

The decline follows a spike of 4.6 billion threats in the previous quarter.

Despite the sharp drop, regulators say the threat environment remains volatile, with organisations still exposed to vulnerabilities exploited through outdated systems, weak passwords, and poor cyber hygiene.

Keep up with the latest headlines on WhatsApp | LinkedIn

"The National KE-CIRT/CC detected 842.3 million cyber threat events during the quarter," the CA notes.

"Advisories increased to 20 million due to regular system updates, access controls and hardening of security tools."

System vulnerabilities accounted for the bulk of detected threats 776.5 million cases even as malware, brute force and DDOS attacks registered double-digit declines.

The shift shows attackers increasingly targeting weak entry points in enterprise systems rather than broad, high-volume attacks.

Advisories issued by the national cyber response centre jumped 15.5 percent to 19.95 million, signalling heightened intervention to guide organisations on patching weaknesses, enhancing firewalls and tightening authentication processes.

The numbers highlight a sector that is stabilising but still under pressure as digital adoption accelerates across government, finance, telecoms and e-commerce expanding both opportunity and exposure for cyber criminals.