Kenya is intensifying its efforts to bolster digital resilience as government agencies, industry leaders, and cybersecurity experts gather in Naivasha for the 6th Annual Information Security Management Systems (ISMS) Conference.
Jointly organised by the Kenya Bureau of Standards (KEBS) and the National Computer and Cybercrimes Coordination Committee (NC4), the six-day conference addresses the escalating frequency, sophistication, and disruptive potential of cyber threats. It convenes policymakers, regulators, ICT professionals, private sector organisations, civil society, development partners, and cybersecurity solution providers to formulate practical strategies for safeguarding Kenya’s expanding digital economy.
The meeting follows a significant surge in cyber threat activity targeting Kenyan institutions. Between April and June 2025, the country detected over 4.5 billion cyber threat events, an 80.7 per cent increase from the preceding quarter. A further 4.3 billion incidents were recorded between October and December, highlighting the scale and persistence of attacks against both public and private sector systems.
The threat landscape has evolved considerably, with organisations now confronting ransomware attacks capable of crippling essential services, AI-enabled phishing campaigns exploiting human vulnerabilities, Business Email Compromise (BEC) schemes targeting financial transactions, Distributed Denial-of-Service (DDoS) attacks disrupting online services, web application exploits, and increasingly sophisticated mobile malware.
Public administration remains the most targeted sector, followed by information services and the financial sector. Cybersecurity experts have also voiced concerns about organised threat groups exploiting unpatched systems and supply chain vulnerabilities, underscoring the imperative for stronger preventive measures and coordinated national action.
Against this backdrop, the ISMS Conference aims to promote internationally recognised information security standards as a foundational element for enhancing cyber resilience across organisations.
Central to the discussions will be ISO/IEC 27001, the global standard for Information Security Management Systems, which provides organisations with a structured framework for identifying, managing, and mitigating information security risks.
KEBS says the conference seeks to move beyond mere awareness by providing a platform for collaboration, innovation, and practical implementation. Decision-makers will directly engage with cybersecurity solution providers to evaluate technologies addressing emerging risks, while technical professionals will participate in specialised training designed to strengthen organisational preparedness and incident response capabilities.
Participants will also share experiences in implementing Information Security Management Systems, highlighting lessons learned, governance approaches, and best practices that can be replicated across sectors. Organisers anticipate that this peer-learning model will help institutions improve compliance, strengthen risk management, and build long-term digital resilience.
Another key objective is to foster stronger collaboration among regulators, industry leaders, and technology innovators. By encouraging greater alignment on cybersecurity standards and policy, the conference aims to support a more coordinated national response to cyber threats while encouraging investment in advanced security technologies.
The programme combines executive-level discussions with technical capacity-building sessions. The initial two days will feature parallel workshops for senior executives and ICT professionals. Executive sessions will focus on cybersecurity governance, strategic investments, and organisational leadership, while technical workshops will offer hands-on demonstrations, implementation guidance, and practical solutions for addressing evolving cyber threats.
The main conference agenda includes keynote presentations, expert panel discussions, case studies from organisations that have successfully implemented Information Security Management Systems, live technology demonstrations, and exhibition booths showcasing the latest cybersecurity innovations.
KEBS and NC4 affirm that the conference reflects the growing recognition that cybersecurity is no longer solely an ICT function but a strategic governance issue demanding leadership at the highest organisational levels.
As Kenya’s national standards body, KEBS says it continues to champion the adoption of internationally recognised standards that assist organisations in strengthening quality assurance, compliance, and information security. NC4 complements this role by coordinating national cybersecurity policy, enhancing cyber readiness, facilitating threat intelligence sharing, and strengthening incident response across government institutions.
Together, the two organisations have positioned the conference as a national policy and knowledge-sharing platform that promotes consistent cybersecurity practices rather than simply showcasing technology solutions.
Organisers expect the conference to strengthen partnerships between government, industry, and technology providers while accelerating the adoption of modern cybersecurity solutions. They also anticipate improved technical capacity, stronger institutional preparedness, and increased cross-sector collaboration in responding to cyber threats.
The conference takes place as Kenya accelerates digital transformation across government services, finance, healthcare, education, and commerce. As more critical services migrate online, the need for robust information security frameworks has become increasingly urgent to safeguard sensitive data, protect essential infrastructure, and maintain public confidence in digital systems.
KEBS and NC4 have invited government institutions, private sector organisations, academic institutions, civil society, and technology providers to actively participate in the conference, describing collective action as essential to building a secure and resilient digital ecosystem.
