CBN Gives Financial Institutions January 1 Deadline To Comply With Cyber Security Framework

The Central Bank of Nigeria has given all banks in the country a deadline of December 1, 2023 to fully comply with the Cyber Security Framework.

The apex bank said it had become mandatory for institutions to strengthen their cyber defenses if they were to remain safe and sound.

The circular, dated June 29, 2022, and signed by the CBN Director, OFIs Department, Nkiru Asiegbu, was addressed to all Other Financial Institutions under the regulation of the banking sector regulator.

The Chief Strategy Officer, Deloitte West Africa, Mr. Tope Aladenusi, had last month stated that Nigeria lost N5.5trn to fraud and cybercrimes in 10 years.

He noted that as of December 2020, global losses from cybercrime were over $1 trillion.

The rise in cyber fraud has been attributed to insufficient skilled resources, deficiency in awareness, a rapidly changing technology landscape and weakness in cyber security controls.

The CBN said the need for full compliance with the framework has become compelling following the recent increase in the number and sophistication of cybersecurity threats against financial institutions.

The objective of the guidelines is, among other things, to create a safer and more secure cyber environment that supports information system security and promotes stability of the OFI sub-sector.

It also seeks to promote and maintain public trust and confidence in the sub-sector as well as contribute towards the prevention and combating of cybercrime in the OFI sub-sector.

Also, the framework provides a risk-based approach to managing cybersecurity risk and consists of six parts: Cybersecurity Governance and Oversight; Cybersecurity Risk Management System; Cyber Resilience Assessment; Cybersecurity Operational Resilience; Cyber-Threat Intelligence; and Metrics, Monitoring and Reporting.

The apex bank added that the guidelines represented the minimum requirements to be put in place by all OFIs.

The CBN stated that the safety and soundness of OFIs required that they operate in a safe and secure environment; hence the platform on which information is processed and transmitted should be managed in a way that ensures confidentiality, integrity and availability of information as well as the avoidance of financial loss and reputation risks, among others.

The bank noted that, considering the reliance of financial institutions on information and communications technology (ICT) to operate their business and the rising incidence of cyber threats and attacks targeted at financial institutions, it became necessary to implement cybersecurity measures to mitigate those risks.

The bank specifically noted that threats including ransomware, targeted phishing attacks and Advanced Persistent Threats (APT) had become prevalent, demanding that financial institutions boost cyber resilience as well as take proactive steps to secure their critical information assets to ensure their safety and soundness.

The document further spelt out the roles of the board of directors in relation to cybersecurity as well as the appointment and responsibilities of the Chief Information Security Officer (CISO), among others.
