Africa CISO Summit 2026 Day Two Focuses On Cyber Resilience

The second day of the Africa CISO Summit 2026 continued in Nairobi with a deeper focus on operational cybersecurity challenges, digital identity systems and the growing role of automation and artificial intelligence in modern cyber defence.

The summit, organised by CIO Africa by dx5, brought together cybersecurity professionals, technology vendors and policy stakeholders from across the continent to examine how organisations can strengthen cyber resilience as digital systems become more deeply embedded in Africa’s economies.

National digital identity and security

The morning began with a keynote by Francis Sitati from the Communications Authority of Kenya, who examined the role of national digital identity systems as a foundation for secure digital services.

Sitati noted that governments across Africa are rapidly expanding digital public services, from online licensing platforms to digital financial services and citizen portals. As these services grow, protecting digital identities and the personal data behind them has become a central security priority.

He stressed that public confidence in digital government services ultimately depends on the integrity and security of identity systems. “Trust in digital government platforms depends on how well we protect citizen data and secure digital identities,” Sitati said.

As governments digitise more services, identity infrastructure is increasingly being viewed as part of a country’s critical digital infrastructure.

Government resilience and national cyber risk

The first panel discussion of the day examined cybersecurity as national infrastructure and explored how the resilience of government systems directly affects the broader digital ecosystem.

Moderated by Francis Mwangi, the panel brought together cybersecurity and technology leaders including Dennis Mureithi, Michael Etale, Eslam Ahmed and Harvey Sijenyi. The speakers highlighted how cyber threats are evolving rapidly as digital systems expand across both the public and private sectors.

Mureithi explained that while cyber risks themselves are not new, the speed and sophistication with which attacks are now carried out has changed dramatically.

“The risks have always existed, what has changed is the speed, the scale, and the sophistication of how attacks are executed,” he said.

The discussion also addressed the growing importance of cooperation between regulators, industry players and cybersecurity practitioners. Ahmed noted that regulatory frameworks play an important role in shaping cybersecurity practices, but warned that regulation alone cannot address the rapidly evolving threat landscape.

“Regulation alone is not enough. It must evolve with technology and be supported by strong collaboration between regulators and industry,” he said.

Securing digital systems and sensitive credentials

Following the panel, Allan Odera delivered a technical session focusing on the protection of credentials, tokens and encryption keys across modern enterprise environments.

As organisations expand cloud services, digital platforms and application ecosystems, the number of credentials used to access systems continues to grow. Managing and protecting those credentials has therefore become a critical aspect of cybersecurity.

Odera noted that many of the risks organisations face today are not fundamentally new, but the technologies now being deployed at scale — including cloud computing and artificial intelligence — have significantly expanded both complexity and exposure.

“These challenges are not new, what has changed is the scale and complexity brought by modern technologies like AI and cloud computing,” he said.

Artificial intelligence reshaping the cyber battlefield

Artificial intelligence featured prominently in the morning discussions, with several speakers examining how both attackers and defenders are using AI to scale their capabilities.

In a session on the emerging AI threat landscape, Rex Mafiana explored how automation is transforming cybersecurity operations. Mafiana compared the shift to developments in aviation, where automated systems now perform many of the tasks once handled manually by pilots.

“In aviation, once the plane is cruising, autopilot takes over,” Mafiana said. “AI is creating a similar shift in cybersecurity, automation is now driving many systems.”

He noted that attackers are increasingly experimenting with techniques such as prompt injection and data poisoning, which target the behaviour of AI systems themselves. As organisations deploy more AI-powered tools, understanding these new attack vectors will become essential.

Cyber immunity and resilient systems

The technical sessions continued with Moses Munguti, who introduced the concept of cyber immunity, a security approach designed to make systems inherently resistant to compromise rather than relying solely on reactive detection tools.

The approach focuses on building software architectures that reduce exploitable vulnerabilities, ensuring that systems remain functional even when targeted by attackers.

The CISO’s growing responsibilities

The final discussion before the lunch break examined the pressures facing modern Chief Information Security Officers and whether organisations are placing unrealistic expectations on security leaders.

Moderated by Joan Kiama, the panel featured speakers including Seyoum Damtew, Grant Hughes, Joshua Juna and Eslam Ahmed. The discussion explored how CISOs are increasingly expected to manage regulatory compliance, operational resilience, risk management and business strategy simultaneously, often with limited resources and growing accountability. Speakers noted that as cyber incidents become more visible and financially damaging, CISOs are under increasing scrutiny from both executive leadership and regulators.

Emerging risks in the creative economy

Before the networking lunch break, Wamaitha Mwangi delivered a presentation examining how the growth of Africa’s creative and digital content economy is creating new categories of cyber risk. The expansion of digital platforms for content distribution, intellectual property management and creator payments has introduced new vulnerabilities that organisations are still learning to manage.

The afternoon sessions shifted toward smaller breakout discussions and technical conversations. Delegates explored topics such as information security sovereignty in the age of artificial intelligence, security culture within organisations, the relationship between regulators and cybersecurity practitioners, and how enterprises can build resilience against insider threats. Roundtable discussions later in the afternoon also examined ecosystem security risks involving third- and fourth-party vendors, as well as accountability challenges when artificial intelligence systems fail.

As the summit concluded, participants emphasised that cybersecurity challenges across Africa are becoming more interconnected. Protecting national digital infrastructure, securing enterprise systems and building skilled cybersecurity teams are increasingly seen as shared responsibilities across governments, industry and the broader technology ecosystem.

With the Africa CISO Summit expected to return in 2027, the conversations in Nairobi underscored a growing consensus among cybersecurity leaders: resilience in the digital age will depend not only on technology, but also on collaboration, governance and trust.