Agora Group Co-founder and CEO Hadi Maeleb said that the threats to online businesses were growing at an exponential rate as more than 90 per cent of the business owners are unaware that their enterprises are at risk. “Cybercriminals are now targeting small businesses more as they have realized that these enterprises do believe they would be exposed due to their comparatively low turnovers until they lose their data and payments are compromised,” said Maeleb. He noted that there is no silver bullet to cybercrime and in addition to awareness about the threats, the business owners must go beyond to invest in cybersecurity tools. Unfortunately for them, the business of cybercrime has evolved to a point where attacks like ransomware are now sold as a service. “This ‘democratization’ of cyberattacks is expected to push losses due to business interruption, financial theft, personal data breaches and even ransom payments over the Kshs 4 trillion mark by end of 2022,” added Maeleb. Kenya, he pointed out, is a leading country in the use of ICT, with more than 1 million businesses running online, using both websites and social media profiles. According to Maeleb, this is an attractive environment for threat actors, with reality only hitting business executives and owners the moment they become victims. Kenya’s ICT Policy which came into effect in 2006, can be credited for providing the overall direction for the creation of an enabling environment for ICT growth and usage in Kenya. To achieve the Vision 2030 goal of Kenya as a regional ICT hub, the ICT sector was expected to contribute directly and indirectly to an additional 1.5% of Kenya’s GDP by 2017/2018. Nonetheless, it is important to note that the continued use of such platforms presents a growing sense of danger to the safety and security of such platforms. The Communications Authority of Kenya reported a 47.3% increase in cybercrimes in the past year reaching 37.1 million separate attacks. The task of the National Computer and Cybercrimes Coordination Committee, which was established to coordinate cyber activities and be the central point of contact for all matters cybersecurity in Kenya, is to rally all stakeholders to prioritize cybersecurity and adopt a proactive approach when dealing with cybersecurity matters. This is because policy gaps in key areas persist, including fostering creativity and artistic expression, lack of an infrastructure sharing policy, industry code of practice, continued information sharing and low network integrity.