The Central Bank of Nigeria (CBN) has issued a letter and a draft document outlining how financial institutions in the West Afrikan country should deal with cyber security related risks. The main reason it has issued the draft "risk-based cyber-security framework", CBN explains, is because of the recent inrease in the number of cyber-security threats against "Deposit Money Banks (DMBs) and Payment Service Providers (PSPs)."
As the CBN document regularly states, the guidelines and framework has been compiled to get comments from stakeholders with the hope of it being finalized and its recommendations forming part of the minimum requirements that banks and payments service providers in Nigeria must adhere to.
The letter that the Central Bank of Nigeria sent to banks and payment service providers on the risk-based cyber-security framework.
"In recent times, cyber-security threats have increased in number and sophistication as DMBs and PSPs use information technology to expedite the flow of funds among entities. In this regard, the threats such as ransomware, targeted phishing attacks and Advanced Persistent Threats (APTs), have become prevalent; demanding that DMBs and PSP remain resilient and take proactive steps to secure their critical information assets including customer information that are accesible via cyberspace. In this regard that this framework, which outlines the minimum cybersecurity baseline to be put in place by DMBs and PSPs, is being issued. The frameworks is designed to provide guidance fro DMBs and PSPs in the implementation of their cybersecurity programmes towards enhancing their resilience."
One thing is certain, as also the CBN states, there has been a rise of security breaches especially against financial institutions. In our work at iAfrikan, we have also noted that a lot of these breaches do not end up being reported publicly to all stakeholders as the companies involved tend not to want to attract the negative perception and publicity that comes with having suffered a security breach. It is also in this regard that the CBN draft cyber security risks framework is welcomed as it also touches on reporting of security breaches by financial institutions to stakeholders including the CBN.
This becomes even more important when you consider that, according to a recent report by Serianu Limited, 81% of cyber security incidents in Nigeria either go unresolved or unreported, an alarmingly high number by any standards. Added to that, perhaps something that financial institutions have to battle with also, is a lack of qualified cyber security professionals in the country as Serianu reports that there is a total of 1,800 estimated certified cyber security professionals in Nigeria.
The CBN draft cyber security framework also touches on the responsibilities of the Board of Directors when it comes to cyber security, among many others. All stakeholders have until the end of July 2018 to submit their comments, objections, or suggestions to the CBN.