CBK said that the banks should present their strategies, policies, procedures and related activities aimed at mitigating cyber risk and subsequently create a safer and more secure cyberspace that underpins information system security priorities and promote stability of the Kenyan banking sector.
According to the African Cyber Security Report 2016, Kenya is the worst hit country in East Africa by cyber-crime, with the country losing $171 million to cyber criminals last year, followed by Tanzania which lost $85 million, while Uganda lost $35 million.
“CBK is well aware of the fact that cyber risk will keep morphing due to the evolution of cyber threats in Kenya and across the globe. Therefore, CBK mandates all institutions to review their cybersecurity strategy, policy, and framework regularly based on each institution’s threat and vulnerability assessment,” CBK said in a notice.
CBK said the move is necessary so as to maintain trust and confidence in the financial system as well as promotion of compliance with appropriate technical and operational cybersecurity standards.