Market News

Central bank warns lenders face growing cyber, fraud attacks

ICT minister Joe Mucheru (right) during a cyber security conference in Nairobi in May. PHOTO | SALATON NJAU | NMG
ICT minister Joe Mucheru (right) during a cyber security conference in Nairobi in May. PHOTO | SALATON NJAU | NMG 

Local lenders are exposed to cyber attacks and ICT-enabled fraud, the Central Bank of Kenya (CBK) has warned.

The industry regulator wants banks to increase resilience to IT failures and cyber security incidents including organised fraud.

“With increased use of ICT there have been increased cases of ICT related frauds in the recent years,” says the CBK.

The regulator says data on fraud reported to Banking Fraud and Investigation Department indicates cases relating to computer, mobile and Internet banking are on the rise.

“Another emerging threat has been cybercrime where criminals gain unauthorised access to institutions’ computer programs and data,” says the CBK. “As a result, there is an urgent need for the banking sector management to ensure increased use of computer-based transaction process is matched with effective controls.”

The CBK recently introduced cyber security guidelines aimed at helping banks deal with cybercrimes and prepare for emerging threats.

Banks are by Thursday required to compile and file with the regulator detailed reports of how they plan to curb cyber security threats.

“CBK mandates all institutions to review their cyber security strategy, policy and framework regularly based on each institution’s threat and vulnerability assessment,” it said.

Under the new regulations rules, lenders will be required to place the cyber risks issue at the board and management level. The regulations are expected to spur the hiring of Internet savvy experts, including chief information security officers, dedicated to countering cyber threats.

Information Communication Technology Association of Kenya earlier said the legal framework would aid banks better combat cybercrimes.

“Viewed against the phenomenal risk posed by emergent cyber threats, the guidelines proposed by CBK are long overdue,” said ICTAK secretary-general Kamotho Njenga.

Mr Njenga said since most banks have embraced online financial transactions to enhance convenience for their customers, the lenders are a soft target for cyber-attacks.

“The directive by CBK compelling financial institutions to review their cyber security policy is fundamentally to their advantage,” he said.