Advancing Regional Cybersecurity<\/a>\u00a0(ARC) initiative, launched in 2025 to help governments strengthen cyber preparedness through practical, public-private collaboration. Today,\u00a0we\u2019re\u00a0sharing the first tangible output of that work:\u00a0the ARC Kenya Exercise Report & Toolkit, developed through a tabletop exercise held in Nairobi in December 2025.\u00a0\u00a0<\/p>\nDeveloped with Kenya\u2019s National Computer and Cybercrime Coordination Committee (NC4) and\u00a0RiskSight, the\u00a0toolkit is\u00a0a practical planning resource designed to help government and cross-sector leaders prepare for cyber crises before they occur.\u00a0It is grounded in real conversations among leaders from government, regulators, critical infrastructure operators, law enforcement, academia, and the private sector working through what a serious cyber incident would\u00a0demand of them, together.\u00a0<\/p>\n
Stress\u2011testing decisions before a crisis\u00a0hits<\/p>\n
The ambition of the\u00a0\u201cSilicon Savannah\u201d\u00a0makes Kenya a compelling setting for this work. Its digital economy is expanding rapidly\u2014from\u00a0mobile\u2011first\u00a0financial services to\u00a0cloud\u2011enabled\u00a0public infrastructure\u2014positioning the country as a regional technology leader. But rapid digital growth also brings increased exposure to more sophisticated cyber threats. As systems become more interconnected, a serious cyber incident can quickly disrupt essential services, undermine public trust, and threaten economic stability.\u00a0<\/p>\n
Kenya\u2019s approach\u00a0recognizes this reality and\u00a0reflects a critical principle: cybersecurity is not separate from innovation; it is one of the conditions that allows digital transformation to scale safely. The ARC initiative embodies this philosophy\u00a0and helps decision\u00a0makers confront the practical realities of coordination, escalation, and response\u00a0in this complex environment.\u00a0<\/p>\n
This is exactly what the ARC Kenya tabletop exercise was designed to do. The\u00a0objective\u00a0was not to test tools but to\u00a0stress\u2011test\u00a0decision\u00a0making under pressure. Participants were challenged with complex scenarios\u2014including\u00a0AI\u2011enabled\u00a0breaches, ransomware attacks, and\u00a0infrastructure\u2011level\u00a0disruptions. The focus was not on technical fixes but on leadership clarity,\u00a0cross\u2011agency\u00a0coordination, and\u00a0real\u2011time\u00a0decision\u00a0making in\u00a0high\u2011pressure\u00a0environments.\u00a0<\/p>\n
The outcome was both a roadmap for the unknown and a clear recognition of the need for shared expectations before a crisis begins\u2014particularly around leadership and authority, trusted information\u00a0sharing channels, and agreed response frameworks. These gaps,\u00a0identified\u00a0by participants themselves, now form the backbone of the ARC Kenya Toolkit.\u00a0<\/p>\n
What the ARC Kenya\u00a0toolkit delivers<\/p>\n
The toolkit translates the lessons of the exercise into concrete actions that leaders can take now\u2014before the next incident occurs. It also serves as a practical\u00a0and specific\u00a012\u2011month roadmap for strengthening Kenya\u2019s cyber preparedness, moving from lessons\u00a0identified\u00a0to durable, institutional capability.\u00a0Specifically, the toolkit provides recommendations to:\u00a0<\/p>\n
Clarify national leadership during major cyber incidents, enabling government, regulators, law enforcement, and critical infrastructure operators to coordinate more quickly, with fewer gaps and overlaps.\u00a0<\/p>\n
Establish practical,\u00a0standards\u2011aligned\u00a0incident response models\u00a0for the entire country, including priority playbooks that teams can train on and execute consistently.\u00a0<\/p>\n
Strengthen operational readiness across sectors, with better coordination between security operations centers (SOCs), clearer escalation thresholds, and more reliable incident reporting pathways.\u00a0<\/p>\n
Deepen trusted information\u00a0sharing and\u00a0public\u2011private\u00a0collaboration\u00a0through common handling rules, safer \u201cgood\u2011faith\u201d reporting mechanisms, and regular joint exercises to build muscle memory before a crisis.<\/p>\n
Taken together, these elements enable leaders not only to respond more effectively to cyber incidents, but to institutionalize preparedness, coordination, and resilience across the national cyber ecosystem. For African countries more broadly, the model also offers a practical pathway to strengthen regional cyber cooperation\u2014by aligning expectations around escalation, information sharing, and public\u2011private\u00a0coordination before a\u00a0cross\u2011border\u00a0incident occurs. By translating\u00a0high\u2011level\u00a0principles into practical, repeatable approaches to crisis readiness, the toolkit underscores the value of trusted international partnerships and alignment with global norms for responsible state behavior in cyberspace.\u00a0<\/p>\n
Why Kenya\u2019s\u00a0approach matters beyond its borders<\/p>\n
Many countries across the Global South are grappling with similar challenges: fragmented ownership of critical infrastructure, uneven cyber capacity across sectors, and the need to coordinate rapidly under pressure. While firmly grounded in Kenya\u2019s national context, the lessons from ARC Kenya are therefore intentionally designed to resonate far beyond its borders and to be highly transferable.\u00a0<\/p>\n
Importantly, this work does not end in Kenya. We are already building on these lessons through ARC engagements in other regions, including a new workstream in Mexico, applying the same approach to strengthen preparedness, coordination, and resilience across different national contexts.\u00a0<\/p>\n
By design, the ARC initiative is not simply a record of a single exercise. It is a foundation others can build on\u2014at\u00a0a\u00a0national or regional level\u2014offering\u00a0leaders\u00a0a practical starting point to turn shared responsibility into sustained capability.\u00a0<\/p>\n
Explore the ARC Kenya Toolkit\u00a0& Tabletop\u00a0Exercise<\/p>\n
Tags: cybercrime<\/a>, cybersecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"When a major cyber incident hits, the\u00a0first\u00a0decisions\u00a0aren\u2019t\u00a0technical\u2014they\u2019re\u00a0human. Who takes the lead? How quickly can information be shared? When…\n","protected":false},"author":2,"featured_media":27512,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[420,7853,416,154,313,320,7852],"class_list":{"0":"post-27511","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-microsoft","8":"tag-azure","9":"tag-azure-copilot","10":"tag-copilot","11":"tag-cybercrime","12":"tag-cybersecurity","13":"tag-microsoft","14":"tag-microsoft-copilot"},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/27511","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/comments?post=27511"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/27511\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media\/27512"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media?parent=27511"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/categories?post=27511"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/tags?post=27511"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}