Efficacy of the Cyber Security Legal Framework in Addressing Cybercrime: A Focus on Kenya

Abstract

Internet access has considerably increased globally and in Kenya over the last decade. The widened internet reach catalysed the shift of service provision to the cyberspace. Government services (education, human resource, tax administration and procurement); financial services (mobile banking and saving platforms like M-shwari) among other sectors have embraced utilising the internet and Information, Communication and Technology in conducting their business. Individuals have similarly embraced and moved to the cyberspace to engage socially and economically with others through social media platforms and other applications for different services such as transport and food delivery (Uber, Bolt, Glovo and Uber Eats).

The onset of the unprecedented Covi-19 pandemic also provided a unique opportunity for other services to shift from manual systems to digital based systems or online service delivery. To mitigate the spread of the deadly virus, predominantly manual based institutions (such as the judiciary and learning institutions), organisations and business enterprises shifted their service delivery to the cyberspace. These resultantly introduced virtual hearings and learning as well as remote working and online shopping. Increase in internet access and use of ICT also had a corresponding effect on cybercrime which also substantially increased. It was observed that whereas the State enacted legislation and established institutions to combat cybercrime, cyber threat incidents were on the rise.

In view of the growing security and economic concerns tied to cybercrime, the study reviews the existing Cybersecurity regulatory and institutional framework in Kenya to assess its impact in addressing cybercrime. This paper will also interrogate the research questions in the study. The researcher utilised doctrinal legal research which was best suited owing to the security and liability concerns that would limit disclosure by organisations and institutions on their vulnerabilities to cyber threats. The study established that an increase in use of the internet and ICT resulted in a corresponding increase in prevalence of cybercrime which continued to persist despite existence of a legal and institutional framework on cybercrime. Resultantly, it was established that lack of awareness, poor cyber hygiene and limited expertise in detection and investigation of cybercrimes contributed to the prevalence rate of cybercrime.