When a significant cyber incident hits, the first selections aren’t technical—they’re human. Who takes the lead? How shortly can info be shared? When ought to governments step in, and the way do you defend public belief whereas protecting important companies operating?
These questions are on the coronary heart of Microsoft’s Advancing Regional Cybersecurity (ARC) initiative, launched in 2025 to assist governments strengthen cyber preparedness by sensible, public-private collaboration. As we speak, we’re sharing the primary tangible output of that work: the ARC Kenya Train Report & Toolkit, developed by a tabletop train held in Nairobi in December 2025.
Developed with Kenya’s Nationwide Laptop and Cybercrime Coordination Committee (NC4) and RiskSight, the toolkit is a sensible planning useful resource designed to assist authorities and cross-sector leaders put together for cyber crises earlier than they happen. It’s grounded in actual conversations amongst leaders from authorities, regulators, vital infrastructure operators, legislation enforcement, academia, and the non-public sector working by what a severe cyber incident would demand of them, collectively.
Stress‑testing selections earlier than a disaster hits
The ambition of the “Silicon Savannah” makes Kenya a compelling setting for this work. Its digital financial system is increasing quickly—from cellular‑first monetary companies to cloud‑enabled public infrastructure—positioning the nation as a regional know-how chief. However speedy digital development additionally brings elevated publicity to extra refined cyber threats. As programs develop into extra interconnected, a severe cyber incident can shortly disrupt important companies, undermine public belief, and threaten financial stability.
Kenya’s method acknowledges this actuality and displays a vital precept: cybersecurity just isn’t separate from innovation; it is without doubt one of the situations that enables digital transformation to scale safely. The ARC initiative embodies this philosophy and helps determination makers confront the sensible realities of coordination, escalation, and response on this advanced atmosphere.
That is precisely what the ARC Kenya tabletop train was designed to do. The goal was to not take a look at instruments however to stress‑take a look at determination making below strain. Contributors have been challenged with advanced situations—together with AI‑enabled breaches, ransomware assaults, and infrastructure‑degree disruptions. The main target was not on technical fixes however on management readability, cross‑company coordination, and actual‑time determination making in excessive‑strain environments.
The result was each a roadmap for the unknown and a transparent recognition of the necessity for shared expectations earlier than a disaster begins—significantly round management and authority, trusted info sharing channels, and agreed response frameworks. These gaps, recognized by individuals themselves, now kind the spine of the ARC Kenya Toolkit.
What the ARC Kenya toolkit delivers
The toolkit interprets the teachings of the train into concrete actions that leaders can take now—earlier than the subsequent incident happens. It additionally serves as a sensible and particular 12‑month roadmap for strengthening Kenya’s cyber preparedness, shifting from classes recognized to sturdy, institutional functionality. Particularly, the toolkit supplies suggestions to:
- Make clear nationwide management throughout main cyber incidents, enabling authorities, regulators, legislation enforcement, and significant infrastructure operators to coordinate extra shortly, with fewer gaps and overlaps.
- Set up sensible, requirements‑aligned incident response fashions for your entire nation, together with precedence playbooks that groups can prepare on and execute constantly.
- Strengthen operational readiness throughout sectors, with higher coordination between safety operations facilities (SOCs), clearer escalation thresholds, and extra dependable incident reporting pathways.
- Deepen trusted info sharing and public‑non-public collaboration by frequent dealing with guidelines, safer “good‑religion” reporting mechanisms, and common joint workout routines to construct muscle reminiscence earlier than a disaster.
Taken collectively, these components allow leaders not solely to reply extra successfully to cyber incidents, however to institutionalize preparedness, coordination, and resilience throughout the nationwide cyber ecosystem. For African international locations extra broadly, the mannequin additionally presents a sensible pathway to strengthen regional cyber cooperation—by aligning expectations round escalation, info sharing, and public‑non-public coordination earlier than a cross‑border incident happens. By translating excessive‑degree rules into sensible, repeatable approaches to disaster readiness, the toolkit underscores the worth of trusted worldwide partnerships and alignment with international norms for accountable state conduct in our on-line world.
Why Kenya’s method issues past its borders
Many international locations throughout the International South are grappling with related challenges: fragmented possession of vital infrastructure, uneven cyber capability throughout sectors, and the necessity to coordinate quickly below strain. Whereas firmly grounded in Kenya’s nationwide context, the teachings from ARC Kenya are subsequently deliberately designed to resonate far past its borders and to be extremely transferable.
Importantly, this work doesn’t finish in Kenya. We’re already constructing on these classes by ARC engagements in different areas, together with a brand new workstream in Mexico, making use of the identical method to strengthen preparedness, coordination, and resilience throughout completely different nationwide contexts.
By design, the ARC initiative just isn’t merely a report of a single train. It’s a basis others can construct on—at a nationwide or regional degree—providing leaders a sensible start line to show shared accountability into sustained functionality.
