Building cyber resilience in capital market

An investor at the NSE. PHOTO | FILE
An investor at the NSE. PHOTO | FILE 

The last decade has witnessed a proliferation of new technologies in Kenya’s financial sector in line with the Medium Term Plan (MTP) III aspiration of strengthening the use of digital finance to grow the economy. With technological advances such as Artificial Intelligence and Digital Ledger Technology including Block Chain taking shape, the risk of compromise to the end-point security is all the more pronounced.

As technology and markets continue to grow in sophistication, possible intrusion, manipulation, and cyber misconduct are threats that must be appreciated at all levels as they have the potential to cause significant disruption to the financial ecosystem, threatening overall confidence, integrity and stability.

A 2019 report published by the International Organization of Securities Commissions (IOSCO) and World Federation of Exchanges (WFE) revealed that in 2018, approximately 50 percent of the securities exchanges worldwide were the subject of cyber-attacks. Additionally, research has also established that most entities lack strong and tailored cyber security practices making them vulnerable to cyber risks.

Cyber risk is therefore now widely recognised as one of the top threats to financial markets with no shortage of cyber incidents involving financial data breaches being reported from large multinational public institutions to high profile incidents affecting Banks and Government systems in the face of increased use of Financial Technology (FinTech).

Against this background, Kenya has taken steps to build resilience and protect data against cyber-attacks. The Computer Misuse and Cybercrime Act 2018, which laid the foundation for subsequent national regulations, including the 2018 Data Protection Bill, has been instrumental in building conversations around cybersecurity.


More recently, the study conducted by the Distributed Ledgers Technology and Artificial Intelligence Task Force focussing on the role of transformative technologies in driving the fourth industrial revolution, further augments the need for open discussions on the top of the Agenda item.

Globally, IOSCO has devoted considerable effort to raise awareness of existing International cyber guidance in order to encourage the adoption of good practices among the IOSCO regulatory community.

Through its Cyber Task Force (CTF), the IOSCO Board released its June 2019 Report outlining how IOSCO member jurisdictions have applied three internationally recognised cyber standards with an aim of promoting cyber sound practices with excellent lessons to be learned to improve cyber resilience in the Kenyan Securities market.

As the Nairobi Securities Exchange and Central Depository and Settlement Corporation concretise efforts to upgrade their IT infrastructure, the effective installation of strong cyber security networks will be critical to cement the role of the market infrastructure institutions in serving the overarching objective of enhancing market integrity, transparency and operation of an efficient and risk-free trading, clearing & settlement system.

Strategy risk and performance officer, Capital Markets Authority.