The study adopted a descriptive correlational research design. The target population for the study included 372 professionals in fintechs in Nairobi County. Stratified random sampling was applied by dividing the fintech population in Nairobi County into strata based on job roles. The sample size was computed using the Yamane (1967) formula to arrive at 192 fintech professionals. Primary data collection was based on a structured questionnaire that was scored on a five-point Likert scale. Analysis of data was done via SPSS Version 25.0, and both descriptive and inferential statistics were generated and with output of the analysis expressed as frequencies and percentages and presented in the form of tables and figures.

The study found that regular cybersecurity audits had a mean score of 4.07 (SD = 1.01), the organization of external workshops scored 3.16 (SD = 1.24), and cross-training scored 3.36 (SD = 1.08). The Pearson correlation analysis indicated a strong positive relationship (r = .576, p < .001) between organizational learning strategies and cybersecurity management. The R² value was .332, with a significant ANOVA F-statistic of 71.609. The regression coefficient for organizational learning was .868, suggesting that each unit increase in organizational learning led to an estimated .868 unit increase in cybersecurity management.

The study found that fintechs’ incorporation of cybersecurity features into products scored a mean of 3.92 (SD = 0.84), participation in hackathons scored 3.11 (SD = 1.47), and new product development scored 3.25 (SD = 1.32). Pearson correlation analysis indicated a strong positive relationship (r = .761, p < .001) between continuous innovative strategies and cybersecurity management. The R² value was .579, with a significant ANOVA F-statistic of 198.038. The regression coefficient for continuous innovative strategies was .910, suggesting that each unit increase in these strategies led to a .910 unit increase in cybersecurity management.

The study concludes that fintech companies prioritize regular cybersecurity training sessions to ensure a prepared workforce. It further concludes the presence of active investment in innovative cybersecurity solutions, yet limited opportunities fostering employee-driven innovation through hackathons. Moreover, the study concludes that strong internal efforts tend to foster cybersecurity knowledge among staff through training programs. It also concludes there is weak involvement in collaborating with regulatory bodies to stay updated on cybersecurity regulations.