When a major cyber incident hits, theΒ firstΒ decisionsΒ arenβtΒ technicalβtheyβreΒ human. Who takes the lead? How quickly can information be shared? When should governments step in, and how do you protect public trust while keeping essential services running?Β
These questions are at the heart of MicrosoftβsΒ Advancing Regional CybersecurityΒ (ARC) initiative, launched in 2025 to help governments strengthen cyber preparedness through practical, public-private collaboration. Today,Β weβreΒ sharing the first tangible output of that work:Β the ARC Kenya Exercise Report & Toolkit, developed through a tabletop exercise held in Nairobi in December 2025.Β Β
Developed with Kenyaβs National Computer and Cybercrime Coordination Committee (NC4) andΒ RiskSight, theΒ toolkit isΒ a practical planning resource designed to help government and cross-sector leaders prepare for cyber crises before they occur.Β It is grounded in real conversations among leaders from government, regulators, critical infrastructure operators, law enforcement, academia, and the private sector working through what a serious cyber incident wouldΒ demand of them, together.Β
Stressβtesting decisions before a crisisΒ hits
The ambition of theΒ βSilicon SavannahβΒ makes Kenya a compelling setting for this work. Its digital economy is expanding rapidlyβfromΒ mobileβfirstΒ financial services toΒ cloudβenabledΒ public infrastructureβpositioning the country as a regional technology leader. But rapid digital growth also brings increased exposure to more sophisticated cyber threats. As systems become more interconnected, a serious cyber incident can quickly disrupt essential services, undermine public trust, and threaten economic stability.Β
Kenyaβs approachΒ recognizes this reality andΒ reflects a critical principle: cybersecurity is not separate from innovation; it is one of the conditions that allows digital transformation to scale safely. The ARC initiative embodies this philosophyΒ and helps decisionΒ makers confront the practical realities of coordination, escalation, and responseΒ in this complex environment.Β
This is exactly what the ARC Kenya tabletop exercise was designed to do. TheΒ objectiveΒ was not to test tools but toΒ stressβtestΒ decisionΒ making under pressure. Participants were challenged with complex scenariosβincludingΒ AIβenabledΒ breaches, ransomware attacks, andΒ infrastructureβlevelΒ disruptions. The focus was not on technical fixes but on leadership clarity,Β crossβagencyΒ coordination, andΒ realβtimeΒ decisionΒ making inΒ highβpressureΒ environments.Β
The outcome was both a roadmap for the unknown and a clear recognition of the need for shared expectations before a crisis beginsβparticularly around leadership and authority, trusted informationΒ sharing channels, and agreed response frameworks. These gaps,Β identifiedΒ by participants themselves, now form the backbone of the ARC Kenya Toolkit.Β
What the ARC KenyaΒ toolkit delivers
The toolkit translates the lessons of the exercise into concrete actions that leaders can take nowβbefore the next incident occurs. It also serves as a practicalΒ and specificΒ 12βmonth roadmap for strengthening Kenyaβs cyber preparedness, moving from lessonsΒ identifiedΒ to durable, institutional capability.Β Specifically, the toolkit provides recommendations to:Β
- Clarify national leadership during major cyber incidents, enabling government, regulators, law enforcement, and critical infrastructure operators to coordinate more quickly, with fewer gaps and overlaps.Β
- Establish practical,Β standardsβalignedΒ incident response modelsΒ for the entire country, including priority playbooks that teams can train on and execute consistently.Β
- Strengthen operational readiness across sectors, with better coordination between security operations centers (SOCs), clearer escalation thresholds, and more reliable incident reporting pathways.Β
- Deepen trusted informationΒ sharing andΒ publicβprivateΒ collaborationΒ through common handling rules, safer βgoodβfaithβ reporting mechanisms, and regular joint exercises to build muscle memory before a crisis.
Taken together, these elements enable leaders not only to respond more effectively to cyber incidents, but to institutionalize preparedness, coordination, and resilience across the national cyber ecosystem. For African countries more broadly, the model also offers a practical pathway to strengthen regional cyber cooperationβby aligning expectations around escalation, information sharing, and publicβprivateΒ coordination before aΒ crossβborderΒ incident occurs. By translatingΒ highβlevelΒ principles into practical, repeatable approaches to crisis readiness, the toolkit underscores the value of trusted international partnerships and alignment with global norms for responsible state behavior in cyberspace.Β
Why KenyaβsΒ approach matters beyond its borders
Many countries across the Global South are grappling with similar challenges: fragmented ownership of critical infrastructure, uneven cyber capacity across sectors, and the need to coordinate rapidly under pressure. While firmly grounded in Kenyaβs national context, the lessons from ARC Kenya are therefore intentionally designed to resonate far beyond its borders and to be highly transferable.Β
Importantly, this work does not end in Kenya. We are already building on these lessons through ARC engagements in other regions, including a new workstream in Mexico, applying the same approach to strengthen preparedness, coordination, and resilience across different national contexts.Β
By design, the ARC initiative is not simply a record of a single exercise. It is a foundation others can build onβatΒ aΒ national or regional levelβofferingΒ leadersΒ a practical starting point to turn shared responsibility into sustained capability.Β
Explore the ARC Kenya ToolkitΒ & TabletopΒ Exercise
Β
For more than a decade, the Microsoft Digital Crimes Unit (DCU) has persistently disrupted cybercrime and nation-state threats targeting people, organizations, and critical infrastructure. Explore major disruptionsβand the ongoing cases and operations behind them here: Disrupting cyberthreats since 2008 | Microsoft
The post Strengthening cyber capacity in Kenya: A new toolkit with lessons for the region appeared first on Microsoft On the Issues.