The Central Bank of Nigeria (CBN), with the release of the Risk-Based Cybersecurity Framework and Guidelines for Other Financial Institutions (OFIs), expressed its desire for banks to stem cybercrime in the country.
In the newly released guidelines, the CBN said all financial institutions operating in the country must comply fully with its risk-based cybersecurity framework before January 1, 2023.
BizWatch Nigeria understands that this new development follows the sharp increase in the number of cybersecurity threats against financial institutions.
In a circular dated Thursday, June 29, 2022, the apex bank explained that it had become mandatory for institutions to strengthen their cyber defenses if they were to remain safe and sound.
The regulator stressed that the safety and soundness of OFIs required that they operate in a safe and secure environment. Hence, the platform on which information is processed and transmitted should be managed in a way that ensures confidentiality, integrity, and availability of information, as well as the avoidance of financial loss and reputational risks, among others.
The CBN noted that, considering the reliance of financial institutions on information and communications technology (ICT) to operate their business and the rising incidence of cyber threats and attacks targeted at financial institutions, it became necessary to implement cybersecurity measures to mitigate those risks.
The bank specifically noted that threats including ransomware, targeted phishing attacks and Advanced Persistent Threats (APT) had become prevalent, demanding that financial institutions boost cyber resilience as well as take proactive steps to secure their critical information assets to ensure their safety and soundness.
What the CBN framework was designed to achieve
- Amongst other things, the new framework was designed to prevent and combat cybercrimes.
- It also aims at promoting and maintaining public trust in financial institutions.
- The framework also provides a risk-based approach when it comes to managing cybersecurity risk.
- It also specifically explains the role of directors in relation to cybersecurity as well as the appointment and responsibilities of the Chief Information Security Officer (CISO) among others.
Banks’ losses to cybercrimes
According to the Nigeria Inter-Bank Settlement System (NIBSS), financial institutions in the country recorded a loss of N3.5 billion to fraud-related incidents.
The losses were recorded between July and September 2020, a development that represents an increase of 534% when compared to the corresponding period of 2019, when the banks lost N552 million to cybercrimes.
The report disclosed that the highest number of fraudulent cases (35.5% of the total) was committed on the web channel, that is, transactions done using a web browser.
The NIBSS, however, explained that the trend from the beginning of 2020 has been that the web and mobile channels are viable mediums for exponential fraudulent gains.