Market News

CBK cyber security rules get backing

Dr Patrick Njoroge, Central Bank of Kenya governor. PHOTO | SALATON NJAU | NMG
Dr Patrick Njoroge, Central Bank of Kenya governor. PHOTO | SALATON NJAU | NMG 

The recent Central Bank of Kenya (CBK) cyber security guidelines will help banks deal with cybercrimes and prepare for emerging threats.

The Information Communication Technology Association of Kenya (ICTAK) yesterday said strengthening of the legal framework will aid banks better combat cybercrimes.

“Viewed against the phenomenal risk posed by emergent cyber threats, the guidelines proposed by CBK are long overdue,” ICTAK secretary general Kamotho Njenga said.

Mr Njenga said since most banks have embraced online financial transactions to enhance convenience for their customers, the lenders are a soft target for cyber-attacks. “The directive by CBK compelling financial institutions to review their cyber security policy is fundamentally to their advantage,” he said.

Kenyan banks are by August 31 required to compile and file with the regulator detailed reports of how they plan to confront emerging cyber security threats.


The CBK, the financial services sector regulator, said mid last month that the move is intended to ensure stability of the industry as it continues to automate processes.

“All institutions are required to submit their cyber security policy, strategies and frameworks to the CBK by August 31,” the note said.

“CBK is well aware of the fact that cyber risk will keep morphing due to the evolution of cyber threats in Kenya and across the globe.

‘‘Therefore, CBK mandates all institutions to review their cyber security strategy, policy and framework regularly based on each institution’s threat and vulnerability assessment.”

Under the new rules, lenders will be required to place the cyber risks issue at the board and management level.

The regulations are expected to spur the hiring of more Internet savvy experts, including chief information security officers, dedicated to countering cyber threats.

CBK’s move comes in the wake of increased threats to business on both the local and international fronts as tech-savvy criminals exploit weaknesses in IT systems to steal money, demand ransom or sabotage corporations.

Several studies have urged banks to embrace digital technologies to counter the disruption by financial innovations.