Cyber security top concern for many East African firms

Three in every four organisations operating within the East African region have identified cyber risks as their top running concern, with 34 percent of surveyed firms revealing a six to 10 percent cybersecurity budget boost plan next year, a new report shows.

Findings from the 2025 PWC East Africa Digital Trust Insights (DTI) Survey show that the concern level is above the global average, which stands at 57 percent, with emerging technologies such as Generative Artificial Intelligence (GenAI) widening the cyber-attack surface.

Data shown in the report trains focus on responses from Kenya, Rwanda, Tanzania, Uganda, Zambia and Mauritius.

“East African organisations are navigating a complex landscape, where regulatory compliance, third-party breaches, and social engineering attacks are testing their resilience,” notes PWC regional consulting and risk services leader for East Africa Vikas Sharma.

“In response, 44 percent of businesses are focusing on regulatory alignment, and many are making bold investments to modernise their infrastructure and upskill their teams,” he adds, noting that despite the emerging challenges, business leaders in the region are showing strong collaboration and engagement at the board level.

According to the survey, 96 percent of security leaders and Chief Finance Officers surveyed, report that cybersecurity regulations have prompted them to increase their investments in security measures over the past year.

A majority of corporate executives (78 percent) in the region exuded confidence in their organisations’ ability to comply with data protection regulations, while 77 percent expressed sureness in their ability to conform to consumer privacy rules.

Within the region, 59 percent of organisations report that key cyber metrics are discussed at the board level, considerably higher than the global average of 35 percent.

“Nevertheless, only 22 percent of East African organisations involve their boards in discussions about the cyber and privacy implications of major operating model changes, compared to 34 percent globally,” notes the report.

“This gap underscores the need for leadership to integrate cybersecurity into broader business transformation strategies.”

The survey further reveals that 54 percent of organisations within the region have fully integrated the identification of critical business processes into their cyber strategy, surpassing the global average of 42 percent.

On the downside, however, the report says that other key resilience actions remain underdeveloped, with only 29 percent of organisations in the region are conducting tabletop exercises, while just 32 percent are engaging in peer collaboration, which actions the report says would significantly improve their preparedness for real-world cyber incidents and strengthen collective defences.

“To fully safeguard against evolving threats, companies must go beyond partial implementation and accelerate the adoption of these critical resilience measures,” PWC recommends in the report.

“East African organisations should place greater emphasis on cyber recovery planning and collaboration across industries. By fully incorporating these actions into their strategies, they will be better positioned to address existing gaps and navigate the complex cyber threat landscape.”