The Central Bank of Kenya (CBK) has established the Banking Sector Cybersecurity Operations Centre (BS-SOC), a centralized facility designed to protect the integrity of the financial system.
According to a press release by the regulator, BS-SOC, under the bank’s Cyber Fusion Unit, will provide services including Cyber Threat Intelligence, Incident Response, Digital Forensics, and Cyber Investigations.
CBK affirmed that it has begun the process of aligning and harmonizing the Commercial Banks Cybersecurity Guidelines 2017 and the Payment Service Providers Cybersecurity Guidelines 2019 with the provisions of the Computer Misuse and Cybercrimes (Critical Information Infrastructure and Cybersecurity) Regulations 2024.
Pending the completion of the harmonisation process, CBK advised all regulated banking and financial institutions to comply with both sets of requirements and to report cybersecurity incidents to the BS-SOC within the prescribed timeframe.
The regulator has called on all stakeholders to support the initiative, which seeks to enhance the robustness of the banking industry against persistent and sophisticated cyber criminals using a variety of techniques to infiltrate banking and payment systems.
“The successful implementation of this initiative requires the full collaboration and cooperation of all stakeholders. This partnership is imperative to enhance the resilience of the banking sector against the significant and persistent challenges posed by sophisticated cyber threat actors,” read part of the statement of the CBK.
CBK’s BS-SOC alignment
The BS-SOC is a strategic initiative under the Central Bank of Kenya (CBK) Strategic Plan 2024-2027 that underscores the apex bank’s commitment to safeguarding the financial system. The initiative aligns with Kenya’s National Cyber Security Strategy 2022–2027, which seeks to address emerging cyber threats and enhance the country’s cybersecurity posture.
Cybersecurity Risks
Cyber risks have surged primarily due to the digitalisation of payments. In the year 2024/25, the Communications Authority of Kenya (CAK) recorded 8 billion cyber threats, up 71.4% from 3.5 billion cyber threats in 2023/24.
System misconfiguration accounted for the highest threats at 7.7 billion cyber threats. Malware attacks, web application attacks, and botnets accounted for 106 million, 22 million, and 114 million cyber threats, respectively.
In the banking sector, cyber fraud cases rose to 353 in 2024 from 153 cases in 2023. The amount exposed increased from KES 680.9 million to KES 1.9 billion, while the actual loss jumped from KES 412 million to KES 1.5 billion in 2024, sabotaging the profitability of banks and their ability to build more capital.
Also Read: CBK Powers up New Risk-Based Credit Pricing Model
