East African cities such as Nairobi, Kampala and Dar es Salaam are witnessing an expansion of digital infrastructure on a scale not seen before. Banks are embracing cloud computing; governments are digitising public services and mobile platforms have become the default channel for millions of citizens.
These innovations will help people get into the economy and work better. But now, the region must deal with a new reality.
When important services depend on digital infrastructure, any threat to the infrastructure is not just an IT problem. It is a public and economic risk. This has elevated cyber risk to a core government and boardroom issue.
Globally, cybersecurity strategies are shifting to meet these new realities. The NTT DATA Technology Foresight 2025 report highlights “accelerated security fusion,” an approach that integrates real-time analytics, AI-powered threat detection and advanced security tools into unified systems.
For East African enterprises, this model offers a way to overcome persistent challenges of fragmented infrastructure and limited resources.
Traditional perimeter-based security approaches are no longer sufficient, especially in an era of hybrid work and cloud-driven operations.
A zero trust architecture — where every access request is treated as untrusted until verified — provides a more dynamic and effective way of managing risk.
Artificial intelligence is at the centre of the new cybersecurity battlefield. On the one hand, AI-driven behavioural analytics can detect anomalies that point to insider threats or compromised accounts.
Local banks, phone companies or even county governments can now put in systems that watch for strange patterns in real time. These systems can look for suspicious transactions that may show fraud or money laundering. On the other hand, AI is a double-edged sword.
The same tools that defenders use to detect anomalies can be exploited by attackers to craft highly convincing phishing messages or automate intrusion attempts. In a region already grappling with a shortage of cybersecurity professionals, the risk of falling behind in this AI-powered arms race is significant.
Addressing these challenges requires collaboration. Cyberfusion centres, which bring together threat intelligence, incident response and risk management, offer a proactive model for security.
While building such centres may appear beyond the reach of many East African firms, regulators, industry players and technology providers can collaborate to create shared intelligence frameworks and sector-wide defences. Information-sharing and joint capacity-building initiatives could help spread best practices across borders, reducing the asymmetry between attackers and defenders.
At the same time, the region must prepare for tomorrow’s risks. The coming era of quantum computing poses an entirely new frontier of danger, with the potential to render current encryption standards obsolete.
For institutions managing sensitive data — such as national ID registries, financial systems or health records — preparing for post-quantum security is no longer theoretical; it is a present-day necessity. Similarly, identity protection must evolve.
Biometrics, multiple-factor authentication and continuous verification must be part of user experiences. This will ensure protection without making it harder to use. Cyber risk should also be elevated firmly into the boardroom agenda, with directors treating it as a core business issue rather than a back-office technical matter.
Technology alone, however, cannot secure East Africa’s digital future. Human capital is equally critical. Closing the cybersecurity skills gap requires investment in training, university programs, industry partnerships and regional centres of excellence. Just as important is public awareness.
Many breaches still begin with a simple human error — a careless click on a phishing link or a weak password. Getting people to do small but helpful things, like making it easier to log in with more than one password or reporting suspicious emails, can help the region become more resilient.
Securing our digital world is not only a technical challenge — it is a societal responsibility. Governments, businesses and individuals must all play their part. East Africa’s digital future is filled with promise, but that promise will only be realised if it rests on a foundation of trust, resilience and security.
The question is not whether the region will face another breach, but how prepared it will be when that breach comes. The time to act is now. By adopting advanced strategies, collaborating across sectors and investing in both technology and talent, East Africa can stay ahead in the cyber arms race and secure a digital future that benefits all its citizens.
The writer is team Lead, Threat Intelligence Centre, NTT DATA in East Africa.
