GK
Company Details
Linkedin ID:
gok-government-of-kenya
Website:
Employees number:
186
Number of followers:
770
NAICS:
92
Industry Type:
Homepage:
president.go.ke
IP Addresses:
0
Company ID:
GOV_2825535
Scan Status:
In-progress
Government of Kenya Company CyberSecurity Posture
president.go.ke
The Government of the Republic of Kenya (GoK) is the national government of the republic of Kenya which is composed of 47 Counties, each county with its own semi-autonomous governments. The national government is composed of three arms:[1] The Legislature, the Executive and the Judiciary. Each arm is independent of the other and their individual roles are set by the Constitution of Kenya. The full name of the country is the "Republic of Kenya". Its official Swahili name is 'Jamhuri ya Kenya'. Other terms such as GoK, GK and Serikali are popularly used to refer to the Kenyan government.
Government of Kenya A.I CyberSecurity Scoring
GK Risk Score (AI oriented)Between 700 and 749
GK
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
GK Global Score (TPRM)XXXX
GK
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
GK Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Government of Kenya
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: A cyberattack on **Monday, [date not specified]**, targeted multiple high-profile Kenyan government ministry websites, including the **Ministries of Interior, Health, Education, Energy, Labour, and Water**. The attack defaced these platforms with **racist and white supremacist messages** (e.g., *“We will rise again,” “White power worldwide,” “14:88 Heil Hitler”*), disrupting public access for hours. The intrusion was attributed to a group identifying itself as **‘PCP@Kenya’**, though no formal claim of responsibility was made. While **no sensitive financial data or core government systems were compromised**, the incident exposed vulnerabilities in Kenya’s **public-sector digital infrastructure**, prompting an urgent response from national cybersecurity teams (KE-CIRT). The attack was **contained quickly**, with systems restored and placed under continuous monitoring. However, the defacement of **six key ministries’ websites**—critical for public services—raised concerns about **reputational damage, public trust erosion, and potential future exploits**. No evidence linked the attack to broader regional coordination, though it followed a **Somalia e-Visa breach** reported 24 hours prior.
GK Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for GK
Incidents vs Government Administration Industry Average (This Year)
Government of Kenya has 51.52% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Government of Kenya has 56.25% more incidents than the average of all companies with at least one recorded incident.
Incident Types GK vs Government Administration Industry Avg (This Year)
Government of Kenya reported 1 incidents this year: 1 cyber attacks, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — GK (X = Date, Y = Severity)
GK cyber incidents detection timeline including parent company and subsidiaries
GK Company Subsidiaries
The Government of the Republic of Kenya (GoK) is the national government of the republic of Kenya which is composed of 47 Counties, each county with its own semi-autonomous governments. The national government is composed of three arms:[1] The Legislature, the Executive and the Judiciary. Each arm is independent of the other and their individual roles are set by the Constitution of Kenya. The full name of the country is the "Republic of Kenya". Its official Swahili name is 'Jamhuri ya Kenya'. Other terms such as GoK, GK and Serikali are popularly used to refer to the Kenyan government.
Loading...
GK Similar Companies
Government of Alberta
Work with the Alberta government to build a stronger province for current and future generations. We offer diverse and rewarding employment opportunities in an environment that encourages continuous learning and career growth. We are one of the largest employers in Alberta with over 27,000 empl
FEMA
Welcome to the official LinkedIn page for the Federal Emergency Management Agency (FEMA). When disaster strikes, America looks to FEMA to support survivors and first responders in communities all across the country. This page provides career related information, job announcements and relevant updat
Ministère de l'Éducation nationale
Page officielle du ministère de l'Éducation nationale. Retrouvez toute l'information sur www.education.gouv.fr, twitter.com/education_gouv, facebook.com/education.gouv et dans nos lettres d'informations (bulletin hebdo et lettre education.gouv.fr). --------------------------------------------------
Ministry of Environment and Urbanism
MINISTRY of ENVIRONMENT and URBANISM (MEU) MAIN SERVICE UNITS ================== 1) General Directorate of Construction Works 2) General Directorate of Spatial Planning 3) General Directorate of Environmental Management 4) General Directorate of EIA, Permits and Control 5) General Directo
Council Careers Victoria
Victorian local government jobs offer opportunities for people with diverse skills. The sector delivers more than 100 services and employs staff in the areas of health and community care, corporate and business support, engineering, planning and community development, and environment and emergency m
Vlaamse overheid
Bij de Vlaamse overheid geef je elke dag opnieuw het beste van jezelf, in een job die een verschil maakt in de maatschappij. Pas afgestudeerd of al een aantal jaren professionele ervaring achter de rug? Op zoek naar een job als arbeider, bediende, leidinggevende, administratief medewerker, ingenie
U.S. Department of Veterans Affairs
Welcome to the United States Department of Veterans Affairs (VA) Official LinkedIn page. We're recruiting the finest employees to care for our #Veterans. Following/engagement ≠ signify VA endorsement. This is a moderated page, meaning that all comments will be reviewed for appropriate content. Ple
Ministry of Health Saudi Arabia
The Ministry of Health (MOH), by way of its objectives, policies and projects included in this strategy, seeks to accomplish a promising future vision; namely, delivering best-quality integrated and comprehensive healthcare services. Carrying health conditions or health status of Saudi inhabitants t
County of Santa Clara
The County of Santa Clara is located at the southern end of the San Francisco Bay and encompasses 1,312 square miles. It has one of the highest median family incomes in the country, and a wide diversity of cultures, backgrounds and talents. The County of Santa Clara continues to attract people fro
.png)
GK CyberSecurity News
November 21, 2025 01:38 PM
Nairobi Welcomes Experts for National Cybersecurity Conference
Kenya opened its 2025 National Cybersecurity Conference in Nairobi today, bringing together government officials, tech experts,...
November 21, 2025 08:00 AM
Kenya Opens 2025 National Cybersecurity Conference as Digital Economy Expands
Kenya, 21 November 2025 – The Government has officially launched the 2025 National Cybersecurity Conference and "FIRST" Technical Colloquium...
November 18, 2025 08:00 AM
Cybersecurity News: Azure hit by DDoS, Kenyan government sites recover, EVALUSION emerges
Azure hit by DDoS using 500K IPs, Kenyan government sites back online, EVALUSION emerges, Kraken enhances ransomware attacks.
November 18, 2025 08:00 AM
Multiple Kenyan Government Sites Temporarily Offline Following Cybersecurity Breach
Kenya experienced a significant cybersecurity incident on November 17, 2025, when multiple government websites were temporarily taken offline.
November 18, 2025 08:00 AM
Cybersecurity reforms: digital safeguards and opportunities Ministry of Information, Communications & The Digital Economy KE Government Advertising Agency
November 17, 2025 09:00 PM
Building Kenya’s cyber resilience: Lessons from Israel’s experience
Cybersecurity is not merely a technical field; it is a national priority and a cornerstone of economic growth.
November 17, 2025 08:00 AM
Hackers target several government websites, temporarily take over presidency portal
The cybersecurity breach on government websites was confirmed by Interior PS Raymond Omollo, who pointed an accusing finger at PCP@Kenya.
November 17, 2025 08:00 AM
Hackers’ paradise: Auditor-General warned, hackers listened
On Monday, the government admitted to a hacking attack targeting State House, the Health, Education, Labour, Environment, ICT,...
November 17, 2025 08:00 AM
From KRA's X Account to Tom Daktari's TikTok: The Alarming Wave of Cyberattacks
Kenya's digital platforms under siege.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
GK CyberSecurity History Information
Official Website of Government of Kenya
The official website of Government of Kenya is https://www.president.go.ke.
Government of Kenya’s AI-Generated Cybersecurity Score
According to Rankiteo, Government of Kenya’s AI-generated cybersecurity score is 735, reflecting their Moderate security posture.
How many security badges does Government of Kenya’ have ?
According to Rankiteo, Government of Kenya currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Government of Kenya have SOC 2 Type 1 certification ?
According to Rankiteo, Government of Kenya is not certified under SOC 2 Type 1.
Does Government of Kenya have SOC 2 Type 2 certification ?
According to Rankiteo, Government of Kenya does not hold a SOC 2 Type 2 certification.
Does Government of Kenya comply with GDPR ?
According to Rankiteo, Government of Kenya is not listed as GDPR compliant.
Does Government of Kenya have PCI DSS certification ?
According to Rankiteo, Government of Kenya does not currently maintain PCI DSS compliance.
Does Government of Kenya comply with HIPAA ?
According to Rankiteo, Government of Kenya is not compliant with HIPAA regulations.
Does Government of Kenya have ISO 27001 certification ?
According to Rankiteo,Government of Kenya is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Government of Kenya
Government of Kenya operates primarily in the Government Administration industry.
Number of Employees at Government of Kenya
Government of Kenya employs approximately 186 people worldwide.
Subsidiaries Owned by Government of Kenya
Government of Kenya presently has no subsidiaries across any sectors.
Government of Kenya’s LinkedIn Followers
Government of Kenya’s official LinkedIn profile has approximately 770 followers.
NAICS Classification of Government of Kenya
Government of Kenya is classified under the NAICS code 92, which corresponds to Public Administration.
Government of Kenya’s Presence on Crunchbase
No, Government of Kenya does not have a profile on Crunchbase.
Government of Kenya’s Presence on LinkedIn
Yes, Government of Kenya maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/gok-government-of-kenya.
Cybersecurity Incidents Involving Government of Kenya
As of December 04, 2025, Rankiteo reports that Government of Kenya has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Government of Kenya has an estimated 11,337 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Government of Kenya ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
How does Government of Kenya detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with securing affected systems, containment measures with restoring access to platforms, and recovery measures with continuous monitoring to prevent further disruption, and communication strategy with public statement by interior ministry, communication strategy with encouraging citizens to report relevant information to national ke-cirt, and .
Incident Details
Can you provide details on each incident ?
Title: Government of Kenya Cyberattack with Defacement and Racist Messages
Description: The Government of Kenya cyberattack on Monday morning left several ministry websites defaced with racist and white supremacist messages, disrupting access for hours. The attack targeted high-profile platforms, including the ministries of Interior, Health, Education, Energy, Labour, and Water. Users encountered extremist messages such as 'We will rise again,' 'White power worldwide,' and '14:88 Heil Hitler.' The suspected group, 'PCP@Kenya,' is under investigation. The incident was contained, and systems were placed under continuous monitoring. No sensitive financial data or core government systems were compromised.
Date Detected: 2023-11-13T00:00:00Z
Date Publicly Disclosed: 2023-11-13T00:00:00Z
Type: Defacement
Threat Actor: PCP@Kenya (suspected)
Motivation: Hate SpeechRacismWhite SupremacyDisruption
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Defacement GOK3562035111825
Systems Affected: Ministry of Interior websiteMinistry of Health websiteMinistry of Education websiteMinistry of Energy websiteMinistry of Labour websiteMinistry of Water website
Downtime: Several hours
Operational Impact: Temporary inaccessibility of public-facing ministry websites; extremist messages displayed to users
Brand Reputation Impact: High (due to racist and extremist messaging on government platforms)
Which entities were affected by each incident ?
Incident : Defacement GOK3562035111825
Entity Name: Government of Kenya
Entity Type: Government
Industry: Public Sector
Location: Kenya
Customers Affected: Citizens and users of ministry websites
Incident : Defacement GOK3562035111825
Entity Name: Ministry of Interior (Kenya)
Entity Type: Government Ministry
Industry: Public Sector
Location: Kenya
Incident : Defacement GOK3562035111825
Entity Name: Ministry of Health (Kenya)
Entity Type: Government Ministry
Industry: Healthcare
Location: Kenya
Incident : Defacement GOK3562035111825
Entity Name: Ministry of Education (Kenya)
Entity Type: Government Ministry
Industry: Education
Location: Kenya
Incident : Defacement GOK3562035111825
Entity Name: Ministry of Energy (Kenya)
Entity Type: Government Ministry
Industry: Energy
Location: Kenya
Incident : Defacement GOK3562035111825
Entity Name: Ministry of Labour (Kenya)
Entity Type: Government Ministry
Industry: Labor
Location: Kenya
Incident : Defacement GOK3562035111825
Entity Name: Ministry of Water (Kenya)
Entity Type: Government Ministry
Industry: Utilities
Location: Kenya
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Defacement GOK3562035111825
Incident Response Plan Activated: True
Containment Measures: Securing affected systemsRestoring access to platforms
Recovery Measures: Continuous monitoring to prevent further disruption
Communication Strategy: Public statement by Interior MinistryEncouraging citizens to report relevant information to National KE-CIRT
Data Breach Information
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by securing affected systems, restoring access to platforms and .
Ransomware Information
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Continuous monitoring to prevent further disruption, .
References
Where can I find more information about each incident ?
Incident : Defacement GOK3562035111825
Source: Government of Kenya Interior Ministry Statement
Date Accessed: 2023-11-13
Incident : Defacement GOK3562035111825
Source: U.S. Embassy in Somalia Advisory
Date Accessed: 2023-11-11
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Government of Kenya Interior Ministry StatementDate Accessed: 2023-11-13, and Source: U.S. Embassy in Somalia AdvisoryDate Accessed: 2023-11-11.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Defacement GOK3562035111825
Investigation Status: Ongoing (suspected group 'PCP@Kenya' under investigation; no formal claim of responsibility)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Statement By Interior Ministry and Encouraging Citizens To Report Relevant Information To National Ke-Cirt.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Defacement GOK3562035111825
Stakeholder Advisories: Citizens Encouraged To Report Relevant Information To National Ke-Cirt.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Citizens Encouraged To Report Relevant Information To National Ke-Cirt.
Post-Incident Analysis
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an PCP@Kenya (suspected).
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-11-13T00:00:00Z.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-11-13T00:00:00Z.
Impact of the Incidents
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Ministry of Interior websiteMinistry of Health websiteMinistry of Education websiteMinistry of Energy websiteMinistry of Labour websiteMinistry of Water website.
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Securing affected systemsRestoring access to platforms.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Government of Kenya Interior Ministry Statement and U.S. Embassy in Somalia Advisory.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (suspected group 'PCP@Kenya' under investigation; no formal claim of responsibility).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Citizens encouraged to report relevant information to National KE-CIRT, .
.png)
Latest Global CVEs (Not Company-Specific)
Description
MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.
Risk Information
cvss3
Base: 6.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Description
XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.
Description
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.
Description
Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.
Risk Information
cvss4
Base: 9.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.
Risk Information
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=gok-government-of-kenya' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
