advertisement
Microsoft, NTT Data Push Cybersecurity-First Digital Transformation
Cybersecurity can no longer be treated as a technical afterthought or a compliance burden but must be embedded at the heart of digital transformation, industry leaders said at the Microsoft–NTT Data Cybersecurity Workshop held in Nairobi on December 4, 2025.
The workshop brought together regulators, technology providers, and governance professionals to examine digital operational resilience, evolving regulatory expectations, and data security in the age of artificial intelligence. Speakers agreed that as economies digitise rapidly, trust, resilience, and compliance are increasingly becoming strategic enablers of growth rather than constraints.
At the centre of the discussion was the growing pressure on organisations from four converging forces: the law, market dynamics, social expectations, and technology architecture.
advertisement
“People want to do business in a digital space, whether through mobile money, digital platforms, or online services,” said Fiona Mshai Kibe, Senior Advisor for Strategy at NTT Data. “Consumers now expect regulators to provide a safe operating environment that protects them while still enabling economic growth. Technology sits right at the intersection of these expectations.”
Kibe said this convergence explains why organisations must adopt a multi layered approach to cybersecurity and resilience, one that goes beyond tools and addresses governance, culture, and collaboration.
Building Resilience In A Fast Changing Risk Landscape
advertisement
Speakers noted that financial services and other digitally intensive sectors are facing a rapidly evolving threat environment, driven by increased connectivity, automation, and the growing use of artificial intelligence. As a result, organisations must place greater emphasis on proactive risk management, continuous monitoring, and operational preparedness.
“In highly digitised sectors, the impact of technology related incidents can be severe,” Kibe said. “Beyond financial loss, there is reputational damage, consumer harm, and loss of trust. That is why resilience must be designed into systems from the outset.”
The workshop highlighted the importance of structured incident response processes, realistic scenario testing, and strong governance frameworks that clearly define roles, responsibilities, and oversight at board and executive level.
advertisement
The Rising Importance Of Third Party Risk
As organisations increasingly depend on cloud platforms, managed service providers, and specialist vendors, third party and supply chain risk has emerged as a critical concern.
“Very few organisations operate in isolation today,” Kibe said. “Your exposure is directly linked to the resilience of the partners you rely on to deliver essential services.”
Speakers emphasised the need for organisations to identify mission critical vendors, conduct regular assurance and testing, and maintain visibility over how partners manage cybersecurity and data protection risks.
Data Protection As A Foundation Of Digital Trust
Data protection featured prominently in the discussions, with speakers underscoring its central role in operational resilience and public trust.
“Data is the unit of value in the digital economy,” Kibe said. “If data is not protected, there can be no trust, and without trust, digital transformation fails.”
She pointed to Kenya’s Data Protection Act and the increasing role of the Office of the Data Protection Commissioner in enforcing compliance and accrediting organisations with the capability to assess data protection practices.
Data governance, she noted, spans three interconnected dimensions: organisational processes and policies, legal compliance and privacy obligations, and the technical controls required to secure data.
Recent cross border regulatory cooperation in East Africa was cited as evidence that regulators are becoming more proactive and collaborative in enforcing data protection and accountability in the digital space.
Compliance As An Enabler Of Growth
During a panel discussion on securing data across sectors, panellists challenged the perception that regulation slows innovation. Instead, they argued that strong compliance frameworks can support sustainable growth and competitiveness.
Edwin Kariuki of NTT Data said organisations must elevate compliance to the highest levels of leadership.
“The voice of compliance must carry the same weight as finance and strategy,” he said. “When compliance fails, the financial penalties may be manageable, but the reputational damage and legal exposure can be far more costly.”
Faith Katua of ISACA urged organisations to adopt a risk based approach rather than reacting to enforcement actions after the fact.
“Understanding your risk exposure early allows you to prioritise investments and avoid costly surprises,” she said. “Strong compliance can also create competitive advantage, especially in procurement and partnerships.”
Katua added that transparency around data handling and cybersecurity practices is increasingly influencing customer confidence and business decisions.
A Shift Toward Collaboration And Shared Responsibility
Speakers concluded that the future of digital resilience depends on closer collaboration between regulators, technology providers, and businesses.
“Regulation is no longer something done to organisations,” Kibe said. “It is increasingly being shaped through collaboration with technologists and industry players.”
She added that compliance should be viewed as a strategic asset rather than a cost.
“When resilience is built by design, it enables innovation, strengthens trust, and supports long term growth,” Kibe said.