By Andrew Kariuki

As companies increasingly embrace data-driven innovation, a growing number of cybersecurity experts are challenging a long-standing assumption in the technology industry, that more data automatically leads to better outcomes.

According to Nicholas Mulila, Group Chief Corporate Risk Officer at Safaricom, the future of digital competitiveness may lie not in the volume of data collected, but in how responsibly and purposefully it is managed.

Mulila notes that for organisations operating large-scale digital platforms, excessive data collection is increasingly becoming a liability rather than an asset. Rising cyber threats, stricter privacy regulations, and growing public awareness around digital rights are pushing businesses to rethink their data strategies.

“It’s not about collecting less data,” he said. “It’s about collecting the right data for the right purpose and ensuring that it is protected in line with regulatory requirements.”

For years, companies across industries have prioritised accumulating large datasets to unlock insights and gain a competitive edge. However, Mulila argues that the real value lies in relevance, not volume.

This approach aligns with privacy frameworks such as Kenya’s Data Protection Act, which emphasises data minimisation. Unnecessary data storage increases compliance risks and exposes organisations to greater harm in the event of a breach.

Organisations are now being encouraged to adopt systems that evaluate the necessity of the data they collect, including whether it directly supports a product or service or is required by law.

Cybersecurity experts warn that breaches are no longer a question of “if” but “when,” and the amount of stored data can significantly determine the scale of damage.

Mulila explained that adopting a more focused data strategy helps reduce risks such as identity theft, financial loss, and costly recovery processes. Limiting stored sensitive data also minimises exposure during cyber incidents.

He further emphasised that security must be embedded within systems from the design stage rather than treated as an afterthought.

“A data breach is not just the loss of data; it is the loss of customer trust,” he noted.

The rise of artificial intelligence has introduced new challenges, with fraudsters increasingly using advanced techniques to exploit digital platforms. In response, Safaricom has enhanced its M-PESA platform with AI-driven fraud detection systems capable of identifying suspicious transactions in real time.

“Prevention is better than cure,” Mulila added, noting that continued investment in infrastructure remains critical in combating fraud.

While some argue that extensive personal data is necessary for personalised services, Mulila maintains that effective personalisation can still be achieved through aggregated insights and behavioural patterns without excessive data collection.

The shift toward responsible data use signals a broader transformation in the digital economy, where trust, compliance, and security are becoming central to sustainable growth.

“At Safaricom, data protection obligations are treated as non-negotiable,” he said.