The National Assembly has approved the establishment of the National Cybersecurity Agency (NCSA), paving the way for the creation of a powerful institution tasked with defending Kenya’s digital infrastructure against increasingly sophisticated cyber threats.
The approval marks a significant step in strengthening the country’s cybersecurity framework as Kenya continues its rapid transition into a digital economy.
New Agency to Lead Kenya’s Cybersecurity Efforts
In a statement released on Monday, the Interior Ministry welcomed Parliament’s approval of the National Cybersecurity Agency Order, 2026, describing it as a major milestone in enhancing the country’s ability to prevent, detect and respond to cyberattacks.
The agency will operate as an autonomous regulatory and technical institution responsible for coordinating national cybersecurity initiatives and protecting critical information infrastructure that supports government services, businesses and national security.
According to the ministry, President William Ruto established the agency through the National Cybersecurity Agency Order, 2026, under the State Corporations Act.
Why Kenya Needs the NCSA
The government noted that Kenya’s digital economy has experienced tremendous growth in recent years through:
- Mobile money services.
- Digital financial platforms.
- E-government systems.
- Telecommunications services.
- Health information systems.
- Education technology.
- Online commerce.
While these developments have boosted innovation, investment and service delivery, they have also exposed the country to emerging cyber risks.
“The creation of the agency comes at a time when Kenya’s digital economy continues to expand,” the ministry stated.
Rising Cybersecurity Threats
The Interior Ministry warned that cyber threats continue to evolve and pose serious risks to both public and private institutions.
Among the major concerns highlighted include:
- Cybercrime.
- Ransomware attacks.
- Online fraud.
- Identity theft.
- Malicious software attacks.
- Data breaches.
- Misinformation campaigns.
- Attacks targeting critical digital infrastructure.
The ministry noted that these threats could undermine national security, disrupt economic activities and erode public confidence in digital services.
“As government institutions, businesses and citizens become increasingly reliant on digital technologies, strengthening cybersecurity has become a national priority,” the ministry said.
Key Roles of the National Cybersecurity Agency
The newly approved agency will provide a coordinated national framework for preventing, detecting, responding to and recovering from cyber incidents.
Its responsibilities will include:
Developing Cybersecurity Strategies
The NCSA will formulate and oversee the implementation of national cybersecurity policies and strategies across both public and private sectors.
Protecting Critical Infrastructure
The agency will audit and certify the cybersecurity resilience of designated critical information infrastructure to ensure they meet required security standards.
Managing Cyber Operations
The institution will oversee the National Cybersecurity Operations Centre while supporting sector-based cybersecurity operations centres.
Coordinating Incident Response
The agency will coordinate national responses to cybersecurity incidents, ensuring swift action during attacks.
Technical Assessments and Advisories
Experts within the agency will conduct technical evaluations of digital networks, identify vulnerabilities and issue advisories aimed at improving preparedness.
Cybersecurity Centre of Excellence
One of the agency’s most ambitious initiatives will be the establishment of a Cybersecurity Centre of Excellence.
The centre will focus on:
- Research and innovation.
- Skills development.
- Professional certification programmes.
- Specialised cybersecurity training.
- Technical capacity building.
- Development of local cybersecurity solutions.
The government believes the initiative will help bridge Kenya’s growing cybersecurity skills gap.
Multi-Sector Collaboration
Recognising that cybersecurity is a shared responsibility, the NCSA will work closely with:
- Government institutions.
- Security agencies.
- Industry stakeholders.
- Regulators.
- Universities and research institutions.
- Development partners.
- International cybersecurity networks.
“The establishment of the National Cybersecurity Agency reflects the Government’s recognition that cybersecurity is no longer solely a technical issue but a strategic national security, economic and governance priority,” the ministry said.
What This Means for Kenya
The approval of the National Cybersecurity Agency signals the government’s commitment to protecting citizens, businesses and institutions as the country accelerates its digital transformation agenda.
A secure cyber environment is increasingly viewed as essential for:
- Protecting personal and institutional data.
- Supporting business continuity.
- Attracting local and foreign investment.
- Enhancing trust in digital services.
- Safeguarding national interests.
As Kenya embraces a technology-driven future, the NCSA is expected to play a crucial role in ensuring the country’s digital growth remains secure and resilient.