AN An Empirical Assessment of Cybersecurity Maturity in Higher Learning Institutions

Abstract

Universities increasingly rely on digital infrastructure for academic, administrative, and research functions, making them prime targets for cyber threats. In developing regions, these risks are exacerbated by limited resources and weak enforcement of cybersecurity policies. This study assessed the cybersecurity maturity of universities within Nairobi County, focusing on governance, technical capacity, and human factors. A descriptive research design was employed, using online questionnaires administered to IT personnel across 25 universities. Data was analyzed using SPSS, applying descriptive statistics to measure maturity across institutional domains.

Findings revealed that while most institutions had implemented basic technical controls such as antivirus software and firewalls, only 32% had formal cybersecurity policies. Human factors emerged as the most significant weakness, with low staff awareness, limited training, and inadequate incident response preparedness. Overall, institutions displayed moderate cybersecurity maturity, with clear strategic planning and governance structure gaps.

The study contributes to the limited empirical research on cybersecurity in African higher learning institutions by offering data-driven insights into institutional preparedness. It provides a practical foundation for targeted interventions and capacity building. The study recommends the adoption of international frameworks, continuous staff training, and collaboration with national cybersecurity agencies to improve institutional resilience and cyber-readiness.