NAIROBI, Kenya, June 22 – Kenya is set to establish a new agency to coordinate the country’s fight against cybercrime after the National Assembly approved the National Cybersecurity Agency Order, 2026.
The new National Cybersecurity Agency (NCSA), to be established under the State Corporations Act, will coordinate national cybersecurity efforts and strengthen the protection of critical digital infrastructure as cyber threats become more sophisticated.
The agency will serve as the country’s central cybersecurity institution, working with government agencies, security bodies, regulators, private sector players, academic institutions and international partners to prevent, detect and respond to cyber threats.
Its mandate will include developing and overseeing national cybersecurity strategies, auditing and certifying the resilience of critical information infrastructure, managing the National Cybersecurity Operations Centre and coordinating responses to cyber incidents.
The agency will also conduct technical assessments of digital networks, identify emerging vulnerabilities and issue advisories on cybersecurity risks.
The move comes amid growing concerns over cybercrime, including ransomware attacks, online fraud, identity theft, data breaches, malicious software and attacks targeting critical digital infrastructure.
The need for stronger cybersecurity measures has increased as government institutions, businesses and citizens become more reliant on digital platforms and online services.
According to the latest data from the Communications Authority of Kenya, the National Kenya Computer Incident Response Team Coordination Centre (KE-CIRT/CC) detected 3.37 billion cyber threat events between January and March 2026.
Although this represented a 26.15 percent decline from the previous quarter, authorities say the volume of attacks highlights the scale and sophistication of cyber threats facing the country.
During the same period, KE-CIRT/CC issued 20.58 million cybersecurity advisories to organizations and internet users as part of efforts to mitigate emerging digital risks.
The establishment of the agency is expected to provide a more coordinated national framework for protecting Kenya’s digital economy and enhancing cyber resilience across both public and private sectors.
