Abstract:
The study investigated the strength of the cybersecurity posture of SACCOs in Kenya by assessing current practices, developing a CTI sharing platform, and formulating supportive policy guidelines. The study was guided by three specific objectives: to assess the current cybersecurity status of SACCOs; to investigate current CTI sharing in Kenya; to propose a Cyber Threat Intelligence (CTI) sharing model tailored for SACCOs; and to validate the model by developing a collaborative platform for real-time cyber threat intelligence sharing among SACCOs. A mixed-methods descriptive research design was adopted, as it enabled the researcher to describe the characteristics of individuals or groups as they exist in reality. The target population comprised 20 SACCOs, 118 ICT staff and 20 management heads. Census sampling was used for the 118 ICT staff, and purposive sampling for the 20 management heads and dean of faculties. Focus group discussions for management heads and questionnaires for ICT staff were the data collection instruments. Quantitative data was analysed using descriptive statistics, including percentages, frequencies, means, and standard deviation, while inferential statistics were computed using ANOVA for all the objectives in Statistical Package for Social Sciences (SPSS) version 22. Qualitative data from the focus group discussions was transcribed and categorized using NVivo and presented as narratives, direct quotations, or frequency tables for ease of interpretation. For the first objective, Table 4.7 shows that statistically significant differences existed between groups, as determined by one-way ANOVA, for the items "backup and recovery policy" (F(4,114) = 7.402, p = .000), "I am aware of the full extent of cyber threats against my SACCO" (F(4,114) = 7.371, p = .000), and "there is a system to monitor suspicious transactions" (F(4,114) = 5.580, p = .000).
For the second objective, Table 4.9 highlights mixed levels of cyber threat intelligence (CTI) awareness and practices among SACCO ICT staff. Most staff were unfamiliar with KE-CIRT/CC’s role in CTI sharing, though many acknowledged receiving formal training on cyber threat identification and reporting. While SACCOs generally maintain documented CTI-sharing protocols and make use of automated tools like SIEM, perceptions varied on whether KE-CIRT/CC provides actionable guidance. Incident response plans were reported as regularly updated, though emerging threats such as AI-driven attacks were not prioritized. Table 4.13 shows that there were statistically significant differences among groups, as revealed by one-way ANOVA, for the statements "regulatory support is essential for the successful implementation of CTI sharing policies" (F(4,114) = 25.075, p = .000), "clear policies would encourage more SACCOs to participate in CTI sharing initiatives" (F(4,114) = 21.870, p = .000), "policies should include provisions for secure communication channels when sharing threat intelligence" (F(4,114) = 16.751, p = .000), and "SACCOs would be more willing to share threat intelligence if protected by a formal policy framework" (F(4,114) = 16.666, p = .000). The study concludes that while there is a growing awareness of the importance of cybersecurity among SACCOs in Kenya, the actual implementation of cybersecurity measures is inconsistent and often reactive. The following recommendations were made: SACCOs should prioritize formulating clear cybersecurity policies that include backup procedures, password management, 2FA, and incident response strategies to ensure uniformity and compliance across institutions. A secure, encrypted, and standardized CTI platform should be developed and adopted by SACCOs to facilitate timely and reliable cyber threat information exchange.
Future research could conduct a longitudinal study to examine the long-term impact of CTI sharing platforms on SACCOs’ cybersecurity resilience, especially focusing on breach reduction, response time, and cost-effectiveness.