Banks, PSPs race to comply with CBN risk-based cyber security framework
The Central Bank of Nigeria (CBN) has released a risk-based cybersecurity framework and guidelines for Deposit Money Banks (DMBs) and Payment Service Providers (PSPs), with which they must comply by January 1, 2019.
This is in line with its new licensing regime and in compliance with the Nigeria Cyber Security Act of 2015.
In a circular to the concerned organisations which accompanied the framework and guideline, CBN noted that the framework represents the minimum requirements to be put in place by all DMBs in their respective cybersecurity programmes.
In the guideline made available to Nigeria Communications Week, CBN stated that: “In recent times, cybersecurity threats have increased in number and sophistication as DMBs and PSPs use information technology to expedite the flow of funds among entities.
“In this regard, threats such as ransomware, targeted phishing attacks and Advanced Persistent Threats (APT) have become prevalent, demanding that DMBs and PSPs remain resilient and take proactive steps to secure their critical information assets including customer information that are accessible from the cyberspace.
“DMBs/PSPs should note that for a cybersecurity programme to be successful, it must be fully integrated into their business goals and objectives, and must be an integral part of the overall risk management processes.”
Ahmed Adesanya, IT Security and Connectivity Consultant, commended CBN for rising to the occasion of protecting the country’s economy with this regulatory framework.
He said that the risk-based cyber security framework and guideline have lifted responsibility for cyber security from the IT departments of banks to a board and top management issue.
“This framework will increase banks’ cyber security readiness in the event of any cyber-attack or electronic fraud, and stakeholders in the highest authority of banks and payment service providers are now involved in addressing cyber security issues. This is a move in the right direction by CBN to protect customers of Deposit Money Banks and PSPs,” he noted.
Engr. Ike Nnamani, chief executive officer, Demadiur Systems – a cybersecurity firm, said that the involvement of senior management in cyber security policies in organizations as contained in the CBN framework was listed in the 2017 Nigeria Cyber Security Report published by Demadiur Systems Limited.
“This became necessary because in the survey done in 2017 and even 2016 it was discovered that over 95% of Nigerian businesses do not have a specific budget for confronting cyber threats.
It is only when there is a problem that the IT team makes a request for cyber security solutions, and often it is not approved based on the fact that it is not in the annual budget.
This has led to a situation where most organizations suffer cyber security losses that are avoidable if given priority.
“The decision by the CBN is therefore a welcome development that will create a more secure cyber space for the country. It is recommended that other agencies and organizations adopt this policy also,” he said.