Fraud incidents in Kenya’s financial sector more than doubled in 2024, with both the number and value of cases rising as cyber criminals exploited the growing shift to digital banking. The Central Bank of Kenya (CBK), in its Financial Sector Stability Report 2024, warned that escalating fraud and cyber risks pose a major threat to the stability and public trust of the banking system.
According to the report, reported fraud rose to 353 in 2024, up from 173 in 2023, while the value exposed surged nearly threefold to KES 2.0 billion from KES 680.9 million in the same period. The total amount lost also increased significantly by 286.5% to KES 1.6 billion in 2024 compared to KES 412.5 million the previous year. Mobile banking fraud accounted for the largest share of incidents with 146 cases that resulted in KES 810.7 million in losses. Online banking fraud followed with 106 cases worth KES 111.8 million. Card related fraud saw 24 cases leading to KES 263.3 million in losses while identity thefts comprised 56 cases valued at KES 199.1 million.
In response to rising cyber threats, the CBK has established the Banking Sector Cybersecurity Operations Centre (BS-SOC), a digital hub aimed at enhancing the resilience of Kenya’s financial system against increasingly sophisticated attacks. Announced in September 2025, the BS-SOC operates under the CBK’s Fusion Unit and provides real-time cyber threat intelligence, incident response, digital forensics and cyber investigations services across the banking sector.
According to the regulator, the centre is a key part of the Strategic Plan 2024-2027 and supports implementation of the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cyber Management) Regulations, 2024.
CBK also confirmed that it has begun the process of aligning and harmonising the Commercial Banks Cybersecurity Guidelines, 2017 and the Payment Service Providers Cybersecurity Guidelines, 2019 with the new 2024 regulations. The harmonised framework will formalise the BS-SOC as the designated reporting hub for cybersecurity incidents in the financial sector. Licensed institutions will be required to notify the centre of any material cyber incidents within defined timelines and maintain compliance with both existing and emerging cyber-risk management standards until the integration process is complete.
The regulator emphasised that the success of the BS-SOC will rely heavily on collaboration between the CBK, banks and other financial stakeholders. The CBK noted that the partnership was imperative to enhance the resilience of the banking sector against the significant and persistent challenges posed by sophisticated cyber-threat actors.
With digital transformations forming the backbone of Kenya’s modern financial ecosystem, CBK’s new initiative signals a decisive step toward a more coordinated national defence against cybercrime. The move underscores the regulator’s intent to strengthen operational security while safeguarding customer confidence and the integrity of Kenya’s fast evolving digital economy.
