The security guard patrolling the premises, the logistical personnel navigating Mombasa Road at dawn, or the technician monitoring live video at 2 a.m: these are the unsung heroes who keep different facilities running long after the lights go out.
Yet the rapid convergence of physical and digital threats has created vulnerabilities that demand equally evolved security approaches. So advanced is technology that when a banking system is hacked, the thief doesn’t always wear a hoodie or a face mask before physically hijacking a transit vehicle. Sometimes it’s the vault door custodian whose login credentials were phished weeks earlier, turning a trusted sentinel into an unwitting accomplice.
In Kenya, this is no longer hypothetical, it is happening. And it highlights a critical blind spot: Kenya’s companies must treat cyber and physical security as one integrated system, as attackers already do.
The Central Bank of Kenya’s 2024 Financial Sector Stability Report shows cyber fraud losses continue to climb, driven by weak passwords, social engineering, SIM swaps, and phishing. Meanwhile, the World Security Report 2025 finds that 41 percent of Kenyan companies surveyed cite fraud as their leading external threat. But here’s the twist: 64 percent say misinformation or external radicalisation now drives insider threats. A fake WhatsApp message can turn a trusted employee into an access point. That’s convergence in action.
Findings are based on insights from 2,352 security leaders in 31 countries, including 58 security chiefs from Kenya and 174 in total from Sub-Saharan Africa. The World Security Report 2025, commissioned by Allied Universal, the world’s leading provider of security and facility management services, and its international business G4S. The survey also reveals 78 percent of Kenyan companies have been targeted by misinformation campaigns. A false social media post spreads panic that shuts down a factory. A data breach maps out security patrol routes. In the next election cycle, the greatest threat to business stability may come not from the streets but from screens, where a manipulated video ignites real-world unrest.
79 percent of Kenyan firms plan to increase their security budgets, the highest rate in Sub-Saharan Africa. The challenge isn’t spending more, it is integrating better. Many organisations still run physical and cyber security as separate departments. When attackers exploit the gap between code and concrete, companies pay twice: first in data loss, then in stolen assets. This continues to rise with over 2.5 billion cyber-threat events reported in the first quarter of 2025, a 201 percent surge from the previous quarter according to The Communications Authority of Kenya.
Integration doesn’t require sacrificing privacy, it requires protecting it intentionally. The human element remains critical. Kenya’s frontline security professionals now face demands beyond traditional duties, a reality reflected globally, where 81 percent of security chiefs agree there are greater demands on guards than there were five years ago. Every phishing alert needs a human interpreter. Every data point must translate into an on-the-ground response. Guards, drivers, and control-room operators aren’t just watching doors anymore, they’re connecting dots across physical and digital worlds.
To make integration real, company boards must treat security not as a cost centre but as a strategic imperative.
Kenya isn’t alone. Across the region, Nigeria and South Africa show the same pattern, hacked logistics systems paired with coordinated smear campaigns. Those who integrate early recover faster and retain investor trust. A major physical security breach can wipe 32 percent of a company’s value, findings from the World security report reveal.
Kenyan businesses can keep treating physical and cyber security as separate checkboxes, or embrace a model that reflects how attackers actually operate. A company that unifies its intelligence, trains its people, and acts on early signals gains fewer disruptions, safer teams, and stronger investor confidence.
Kenya must build bridges between the server room and the gate, before attackers exploit the gap between them.
By Laurence Okelo, Managing Director, G4S Kenya