KICTANet’s submission to the intersessional meeting, 2-4 December 2019, New York UN Headquarters: 405 East 42nd Street, New York, NY, 10017 EU Delegation: 666 3rd Ave, New York, NY 10017
Cybersecurity continues to be a concern not only for the government, but also is an important issue
for private sector companies and groups, the technical community, academia, civil society groups and
other non-governmental actors. This is due to its enormous implications for information security,
critical infrastructure, economic prosperity, public safety as well as their relations with other
The government of Kenya has embraced digital finance and online self-service platforms as an avenue
for service delivery. Local banks and financial institutions have been on a mission to introduce various
mobile and online financial services. Telecoms companies are competing to offer mobile payments
and money transfer services using various products. Micro-finance institutions are offering mobile
based loans. In addition, global companies such as Amazon and AliExpress now ship to Kenya, with
the latter accepting payments through mobile money platform- mPesa. Other services that can be
accessed online and paid for through mobile money platforms include electricity, water, insurance,
travel, and examinations (equate the mobile money to the credit card).
However, it is important to note that the continued use of such platforms presents a growing sense
of danger on the safety and security of such platforms. The government, and financial services sector
including banking and mobile money services remain the top risk areas for the country.
The risks include: malware attacks and disruption of business processes targeting critical mobile and
internet banking infrastructure; social engineering aided by the mobile phone, third-party misuses or
shares of confidential data; data breaches; and attacks on IT infrastructure resulting in downtime.
Other risks are: insufficient technical, investigation, prosecutorial and judicial capacity of law
enforcement agencies; low levels of public awareness on security; outdated laws, policies and
strategies; weak internal security practices and standards in key institutions; poor detection and
reporting of attacks; and, weak coordination among relevant agencies, industries and institutions.
In our work with Global partners Digital, we have seen and agreed that Cybersecurity is everyone’s
responsibility. Guaranteeing cybersecurity is a role that all relevant stakeholders have to play based
on their respective mandates. And the development and implementation of policies, laws and
strategies on cybersecurity can only be effective when done through multistakeholder approaches. A
multistakeholder approach recognizes the essence of public participation, and is designed to ensure
that cyber-policy making processes are open, transparent, inclusive and value-based. Effective
stakeholder engagement starts with a clear objective for consultation, followed by the identification
of people and organizations with a specific interest in the initiative (like we are doing now). And most
important, there must be commitment from political leaders in support of cybersecurity. This allows
policymakers to understand stakeholders, their roles and divergent interests (including tolerance on