Central Bank of Kenya. [Photo/FSD Kenya]Commercial banks are expected to begin implementing the new cybersecurity guidelines by November 30 following the conclusion of a consultative process that began in mid-June by The Central Bank of Kenya.
The guidelines have been embraced by chief executives of financial institutions in their feedback which were received by the August 31 deadline says the CBK Governor Patrick Njoroge.The Guidance Note is meant to reduce the growing risks of cyber-attacks in face of increasing exposure of the banks which have heavily invested in digital banking channels.Dr Njoroge said,“The guidelines have now been commented on, revised and issued for implementation. It is in November that we need to ensure they have done that implemented the guidelines,”. He further added “These guidelines have been received very favourably by all the institutions. We need to ensure they have done all that we have prescribed."The lenders, as a minimum requirement, have been ordered to formulate documented policy, strategy and framework to fight the multi-billion-shilling cyber security threat at the company level and its subsidiaries.The note also requires the banks to promote chief information security officers to senior managerial level to enforce cyber security policy and oversee implementation of the strategy.The CBK argues in the note this will create an “organisational culture of shared cyber-security ownership” within the institution.“It is not just the bank CEOs that have welcomed the guidelines but actually the much wider community. I would add that this is one of the areas where in the continent we (Kenya) are leading in terms of modern cyber-security guidelines,” Dr Njoroge said.Consultancy firm Deloitte in global report in February estimated that Kenyan firms lost Sh17.59 billion ($171 million) to cyber criminals in 2016.Banks, which rarely make public cyber-attacks to safeguard public confidence, are under the guidelines required to report such incidence to the CBK within 24 hours of occurrence.